Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 2 of 2
  1. #1
    New to the CF scene
    Join Date
    Jun 2009
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts

    AJAX Cross Site Security

    Hi guys, I'm a bit confused as to how the security model on a browser works. you can include any script from any other site using a script tag. However, these scripts run with the permissions of the embedding web page.

    If you include a script, say from google.com, how is it able to fetch data from google.com's server say for the map api? Upon inspection, it doesn't seem that the embedded map is an iframe, rather it's generated from the server and contains data specific to method calls. Are they just using json or am I misunderstanding the security model.

    I would like to be able to use javascript on one site to fetch html content from another domain. I can include the js file from the other domain.

    Thanks!

  • #2
    Senior Coder rnd me's Avatar
    Join Date
    Jun 2007
    Location
    Urbana
    Posts
    4,190
    Thanks
    10
    Thanked 569 Times in 550 Posts
    it doesn't matter where the script file comes from, but the data must be in jsonp to cross domains.

    google and others use json in their APIs to let the data flow freely.
    my site (updated 13/9/26)
    BROWSER STATS [% share] (2014/1/19) IE7:0.2, IE8:6.7, IE11:7.4, IE9:3.8, IE10:4.4, FF:18.3, CH:43.6, SF:7.8, MOBILE:27.5


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •