Something I find really confusing, is why are AJAX requests limited to the same domain? What is the reasoning behind this?
I don’t see any problem with requesting files from external locations, also servers making XMLHTTP requests seem to get and post to external locations fine.
Picture this:
You come on my fabulous website http://www.halfnakedgirls.com. You have fun watching what looks like technical documentation on human physiology, but behind your back, some lines of JavaScript are executing some request to another domain, let’s say http://www.yourpaypallike.com.
Requests like http://www.yourpaypallike.com/account/transfer?to=badguy@evilwebsite.com&amount=984654 or http://www.mymailprovider.com/mails/export?format=csv.

Do you now see why it is forbidden? =)
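The answer above describes why a browser refuses to let a page on one origin read AJAX responses from another origin. The server side of that decision, CORS, lets a site opt in for specific origins it trusts; and because a cross-site request can still be *sent* (the transfer URL above would carry the victim's cookies), a state-changing endpoint also needs proof that the request came from the site's own page. The block below is an added example, not code from the original question or answer: a minimal Node.js origin allowlist plus a constant-time CSRF-token comparison. The hostnames in the allowlist and the functions `corsHeadersFor`, `csrfTokenMatches` and `allowStateChange` are my own constructions for illustration.

```javascript
// Added example (not from the original answer). Server-side helpers showing the
// two checks the answer's scenario calls for:
//   1. CORS: only echo Access-Control-Allow-Origin for origins the site trusts,
//      so the browser keeps blocking everyone else from reading responses.
//   2. CSRF: state-changing requests must carry a per-session token that a
//      foreign page cannot read, compared in constant time.
// The origins below are constructed for illustration, not real sites.

const ALLOWED_ORIGINS = new Set([
  "https://app.example",      // assumed first-party front end
  "https://partner.example",  // assumed trusted partner site
]);

// Return the CORS response headers for a request carrying the given Origin
// header, or null when the origin is not allowed (the browser then refuses to
// expose the response to the calling script).
function corsHeadersFor(originHeader) {
  if (typeof originHeader !== "string") return null; // no Origin: same-origin or non-browser client
  let parsed;
  try {
    parsed = new URL(originHeader);
  } catch {
    return null; // malformed Origin, including the literal "null" origin
  }
  // Compare the normalised origin (scheme + host + port), never a substring:
  // "https://app.example.evil" must not match "https://app.example".
  const origin = parsed.origin;
  if (!ALLOWED_ORIGINS.has(origin)) return null;
  return {
    // Echo the single matching origin. Never send "*" together with
    // Allow-Credentials, because that would hand any site the user's session.
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
    "Vary": "Origin", // caches must not serve one origin's answer to another
  };
}

// Constant-time comparison of the token stored in the session against the one
// submitted with the request, so timing differences do not leak the token.
function csrfTokenMatches(sessionToken, submittedToken) {
  if (typeof sessionToken !== "string" || typeof submittedToken !== "string") return false;
  if (sessionToken.length !== submittedToken.length) return false;
  let diff = 0;
  for (let i = 0; i < sessionToken.length; i++) {
    diff |= sessionToken.charCodeAt(i) ^ submittedToken.charCodeAt(i);
  }
  return diff === 0;
}

// Gate for a state-changing endpoint such as an account transfer: the request
// must come from an allowed origin AND present the matching CSRF token.
function allowStateChange(originHeader, sessionToken, submittedToken) {
  return corsHeadersFor(originHeader) !== null && csrfTokenMatches(sessionToken, submittedToken);
}

// Stand-alone demonstration.
console.log(corsHeadersFor("https://app.example"));       // headers object
console.log(corsHeadersFor("https://app.example.evil"));  // null
console.log(allowStateChange("https://app.example", "t0k3n", "t0k3n")); // true
console.log(allowStateChange("https://evil.example", "t0k3n", "t0k3n")); // false
```

The scheme is part of the origin, so an `http://` page does not match an `https://` allowlist entry; and the `Vary: Origin` header matters whenever a cache sits in front of the application, otherwise a response allowed for one origin can be replayed to another.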