Let’s say I have a domain, js.mydomain.com, and it points to some IP address, and some other domain, requests.mydomain.com, which points to a different IP address. Can a .js file downloaded from js.mydomain.com make Ajax requests to requests.mydomain.com?
How exactly do modern browsers enforce the same-domain policy?
The short answer to your question is no: for AJAX calls, you can only access the same hostname (and port / scheme) as your page was loaded from.
There are a couple of work-arounds: one is to create a URL in foo.example.com that acts as a reverse proxy for bar.example.com. The browser doesn’t care where the request is actually fulfilled, as long as the hostname matches. If you already have a front-end Apache webserver, this won’t be too difficult.

Another alternative is AJAST, which works by inserting script tags into your document. I believe that this is how Google APIs work.
You’ll find a good description of the same origin policy here: http://code.google.com/p/browsersec/wiki/Part2
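Added example (not code from the question or the answer above): a small model of the check the answer describes. The browser compares the (scheme, host, port) triple of the page with that of the request target, so js.mydomain.com and requests.mydomain.com are different origins even though they share a parent domain. The second function models the reverse-proxy workaround: the page keeps requesting its own origin under an assumed path prefix ("/requests/" here, chosen for illustration), and the server forwards those requests to the other host, which the browser never sees.

```javascript
// Model of the browser's same-origin check: an origin is the
// (scheme, host, port) triple, and all three must match exactly.
// Subdomains of one registrable domain are distinct origins.

const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Reduce a URL to its origin triple. The default port for the scheme is
// filled in so "http://a.example.com" and "http://a.example.com:80" compare equal.
function originOf(url) {
  const u = new URL(url);
  const port = u.port || DEFAULT_PORTS[u.protocol] || "";
  return { scheme: u.protocol, host: u.hostname.toLowerCase(), port };
}

// True only when scheme, host and port all match; a script loaded into a
// page may read XHR responses only from URLs for which this returns true.
function sameOrigin(urlA, urlB) {
  const a = originOf(urlA);
  const b = originOf(urlB);
  return a.scheme === b.scheme && a.host === b.host && a.port === b.port;
}

// Reverse-proxy workaround from the answer, modelled on the server side.
// Requests to the page's own origin whose path starts with `prefix` (an
// assumed convention, not anything the browser knows about) are forwarded
// to `backendOrigin`; anything else is served locally (returns null).
function proxyTarget(sameOriginUrl, prefix, backendOrigin) {
  const u = new URL(sameOriginUrl);
  if (!u.pathname.startsWith(prefix)) return null;
  // keep the leading "/" of the remainder and any query string
  return backendOrigin + u.pathname.slice(prefix.length - 1) + u.search;
}

// Constructed sample values for the scenario in the question.
const page = "https://js.mydomain.com/app.js";
const direct = "https://requests.mydomain.com/data?x=1";
const viaProxy = "https://js.mydomain.com/requests/data?x=1";

console.log("direct cross-subdomain XHR allowed:", sameOrigin(page, direct)); // false
console.log("same-origin XHR to proxy path allowed:", sameOrigin(page, viaProxy)); // true
console.log("server forwards to:", proxyTarget(viaProxy, "/requests/", "https://requests.mydomain.com"));
```

Note that the port and scheme also take part in the comparison: a page served over https cannot read from http on the same host, and http://js.mydomain.com:8080 is a different origin from http://js.mydomain.com, even though the hostname is identical.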