Hello and welcome to our community! Is this your first visit?
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 2 of 2
  1. #1
    New to the CF scene
    Join Date
    Jun 2009
    Thanked 0 Times in 0 Posts

    AJAX Cross Site Security

    Hi guys, I'm a bit confused as to how the security model on a browser works. you can include any script from any other site using a script tag. However, these scripts run with the permissions of the embedding web page.

    If you include a script, say from google.com, how is it able to fetch data from google.com's server say for the map api? Upon inspection, it doesn't seem that the embedded map is an iframe, rather it's generated from the server and contains data specific to method calls. Are they just using json or am I misunderstanding the security model.

    I would like to be able to use javascript on one site to fetch html content from another domain. I can include the js file from the other domain.


  • #2
    Senior Coder rnd me's Avatar
    Join Date
    Jun 2007
    Thanked 581 Times in 562 Posts
    it doesn't matter where the script file comes from, but the data must be in jsonp to cross domains.

    google and others use json in their APIs to let the data flow freely.
    my site (updated 13/9/26)
    BROWSER STATS [% share] (2014/5/28) IE7:0.1, IE8:5.3, IE11:8.4, IE9:3.2, IE10:3.2, FF:18.2, CH:46, SF:7.9, NON-MOUSE:32%


    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts