Trying to get my head around why JavaScript code can only call back to the same domain the page is hosted from. I understand that you do not want the code sending personal details etc. to another domain (which could be a malicious site).
However, if the other domain puts a crossDomain.xml file on their server, does that mean now a malicious site could accept calls?
As you can guess I have a rudimentary understanding of how this works, so any help will be appreciated.
If Site A publishes a suitable crossDomain.xml file then Site B can use Adobe Flash to read data from Site A. This has nothing to do with JavaScript.
The JavaScript equivalent is CORS.
In either case, the permission given should be either:
In the first case, if Site B is malicious then it can’t do anything bad with the data. In the second, the developer of Site A has made a serious mistake in trusting Site B.
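To make the two permission models concrete, here is an added example (not code from the answer above) of how a server on "Site A" might decide what `Access-Control-Allow-Origin` to send: public data is readable by any origin but never with credentials, while non-public data is exposed only to an explicit allow-list of trusted sites. The paths and the origin `https://partner.example` are constructed sample values.

```python
"""Decide which CORS headers Site A returns for a given request."""
from __future__ import annotations

from urllib.parse import urlsplit

# Constructed sample policy for a hypothetical Site A.
PUBLIC_PATHS = {"/api/public-feed"}            # anyone may read, no credentials
TRUSTED_ORIGINS = {"https://partner.example"}  # the "Site B" that Site A chose to trust


def _normalise_origin(origin: str) -> str | None:
    """Return scheme://host[:port] for a well-formed Origin header, else None."""
    parts = urlsplit(origin)
    if parts.scheme not in ("http", "https") or not parts.netloc or parts.path:
        return None  # covers "null", bare hostnames and other junk
    return f"{parts.scheme}://{parts.netloc}".lower()


def cors_headers(path: str, origin: str | None) -> dict[str, str]:
    """Return the CORS response headers for a request to `path` from `origin`.

    Model 1: public, non-sensitive data -> wildcard, which browsers refuse to
    combine with cookies, so a malicious Site B learns nothing it could not
    fetch itself.
    Model 2: sensitive data -> only the allow-listed origin, echoed back from
    the allow-list rather than reflected from the request header, so an
    unknown origin is never granted access by accident.
    """
    if path in PUBLIC_PATHS:
        return {"Access-Control-Allow-Origin": "*"}
    if origin is None:
        return {}  # same-origin or non-browser client: no CORS grant needed
    norm = _normalise_origin(origin)
    if norm in TRUSTED_ORIGINS:
        return {
            "Access-Control-Allow-Origin": norm,
            "Access-Control-Allow-Credentials": "true",
            "Vary": "Origin",  # responses differ per origin; keep caches honest
        }
    return {}  # untrusted origin: the browser will block the read
```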