  1. #16
    Regular Coder
    Quote Originally Posted by rnd me:
    A different website cannot make requests to your server using Ajax, but a server or remote script request could. You can check the Referer header for a match as well. Using POST instead of GET will cut off all non-user-approved (popup-warning) cross-domain client-side IO actions.

    A script whose context originates from another site will not have access to your cookies.
    Thanks, but what if that script used a function on my domain? Would it count as if it was sent by my domain?

  2. #17
    Senior Coder
    Quote Originally Posted by rnd me:
    You can check the Referer header for a match as well.
    The Referer header can't be relied upon though.

  3. #18
    Senior Coder
    Quote Originally Posted by shedokan:
    Thanks, but what if that script used a function on my domain? Would it count as if it was sent by my domain?
    http://en.wikipedia.org/wiki/Cross-site_scripting
    http://en.wikipedia.org/wiki/Cross-site_request_forgery

  4. #19
    Regular Coder
    Oh, so they can't use code outside of their iframe. Thanks.
    I think I'll use iframes for some apps and have a way for them to put HTML content that will be checked for security before I let them publish their plugins.

    If someone had said so in the first place I would have been less confused.

    Thanks to everyone anyway.


 