For example: The server renders a page and then the user makes an Ajax call using the JavaScript console to the same host using the same protocol. Does it violate the same-origin policy?
Follow-up question – if the above scenario does not violate the same-origin policy, is there any way to make sure that the web browser is executing genuine, unmodified JavaScript from my host?
Thank you.
No and no. It is not possible to know if the user changes the code. I do not even need a console. I can hijack the HTTP responses and serve different files. That is why you need to validate everything on the server.
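
An added example, not part of the answer above or of any code from the original page: a server-side handler sketch showing why an origin check cannot distinguish a console-issued request from one sent by the unmodified script, and how the server recomputes everything it relies on. The names `handleOrder`, `CATALOG`, `ALLOWED_ORIGIN` and the `https://shop.example` origin are hypothetical, and the catalogue values are constructed.

```javascript
// Server-owned data: prices in cents (constructed sample values).
const CATALOG = { "sku-1": 1999, "sku-2": 500 };
const ALLOWED_ORIGIN = "https://shop.example"; // assumed site origin

// headers: lower-cased request headers; rawBody: request body as a string.
function handleOrder(headers, rawBody) {
  // A request typed into the console of a page on this site carries the same
  // Origin as one from the unmodified script, so this check passes for both.
  if (headers.origin !== ALLOWED_ORIGIN) return { status: 403, error: "bad origin" };

  let body;
  try {
    body = JSON.parse(rawBody);
  } catch {
    return { status: 400, error: "invalid JSON" };
  }
  if (!body || !Array.isArray(body.items) || body.items.length === 0 || body.items.length > 50) {
    return { status: 400, error: "items must be a non-empty array" };
  }

  let total = 0;
  for (const item of body.items) {
    const known = item && typeof item.sku === "string" &&
      Object.prototype.hasOwnProperty.call(CATALOG, item.sku);
    if (!known) return { status: 400, error: "unknown sku" };
    if (!Number.isInteger(item.qty) || item.qty < 1 || item.qty > 100) {
      return { status: 400, error: "qty out of range" };
    }
    // The price comes from the server's catalogue; any price or total
    // field sent by the client is never read.
    total += CATALOG[item.sku] * item.qty;
  }
  return { status: 200, total };
}
```
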