2. Any page may set the document.domain parameter to a right-hand, fully-qualified fragment of its current host name (e.g., foo.bar.example.com may set it to example.com, but not ample.com). If two pages explicitly and mutually set their respective document.domain parameters to the same value, and the remaining same-origin checks are satisfied, access is granted.

3. If neither of the above conditions is satisfied, access is denied.

© 2007-2019 Marco Papa & Ellis Horowitz
Drawbacks of Same-Origin Policy

Once any two legitimate subdomains of example.com (e.g., payments.example.com and some other) choose to cooperate, any other resource in that domain, such as user-pages.example.com, may then set its own document.domain likewise and arbitrarily mess with payments.example.com. This means that in many scenarios document.domain may not be used safely at all.

Whenever document.domain cannot be used, either because pages live in completely different domains or because of the above problem, legitimate client-side communication between, for example, embeddable page gadgets is completely forbidden in theory and in practice very difficult to arrange.

Whenever tight integration of services within a single host name is pursued to overcome these communication problems, the inflexibility of same-origin checks leaves no usable method to sandbox any untrusted or particularly vulnerable content so as to minimize the impact of security problems.
Special Cases that Are Omitted From the Policy

The document.domain behavior when hosts are addressed by IP addresses, as opposed to fully-qualified domain names, is not specified.

The document.domain behavior with extremely vague values such as public suffixes (e.g., co.uk) is not specified.

The algorithms of context inheritance for pseudo-protocol windows, such as about:blank, are not specified.

The behavior for URLs that do not meaningfully have a host name associated with them (e.g., file://) is not defined, causing some browsers to permit locally saved files to access every document on the disk or on the web; users are generally not aware of this risk and may expose themselves.

The behavior when a single name resolves to vastly different IP addresses (for example, one on an internal network and another on the Internet) is not specified, permitting various attacks and tricks (DNS rebinding).
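The three rules, the cooperation drawback, and two of the omitted special cases above are easier to reason about with an executable model. The following is an added example, not the deck's own code and not a browser implementation: it models the document.domain rule as the slide states it (value must be the host itself or a right-hand fragment cut on a label boundary), the mutual-setting requirement, and the remaining scheme and port checks. The IP-literal and public-suffix refusals are what the HTML specification and the Public Suffix List add today for the cases the slide calls "not specified"; the `publicSuffixes` set is an assumed stand-in for the real list, and all host names are constructed for the demo.

```javascript
// Added model of document.domain relaxation (not the deck's code, not a browser).

const IPV4_LITERAL = /^\d{1,3}(\.\d{1,3}){3}$/;

// Rule 2 from the slide, plus two modern refusals for the "not specified" cases.
// publicSuffixes is an assumed stand-in for the Public Suffix List.
function canSetDocumentDomain(host, value, publicSuffixes = new Set()) {
  if (typeof value !== "string" || value === "") return false;
  if (value === host) return true;
  // IP literals (v4 dotted quad, or bracketed v6 as URL.hostname reports it):
  // only an exact match is allowed, so 10.0.0.1 cannot claim "0.0.1".
  if (IPV4_LITERAL.test(host) || host.startsWith("[")) return false;
  // A public suffix such as co.uk would let every site under it cooperate.
  if (publicSuffixes.has(value)) return false;
  // Right-hand fragment on a label boundary: example.com yes, ample.com no.
  return host.endsWith("." + value);
}

class Page {
  constructor(url) {
    const u = new URL(url);
    this.scheme = u.protocol.slice(0, -1); // "https"
    this.host = u.hostname;
    this.port = u.port;                     // "" for the scheme's default port
    this.domain = this.host;
    this.domainSet = false;                 // has the page ever assigned document.domain?
  }
  setDocumentDomain(value, publicSuffixes) {
    if (!canSetDocumentDomain(this.host, value, publicSuffixes)) {
      throw new Error(`SecurityError: ${this.host} may not set document.domain to "${value}"`);
    }
    this.domain = value;
    this.domainSet = true;
  }
}

// The numbered rules: scheme and port must always agree; then either neither
// page touched document.domain and the hosts are identical (rule 1), or both
// did and chose the same value (rule 2). One side relaxing alone is denied (rule 3).
function canAccess(a, b) {
  if (a.scheme !== b.scheme || a.port !== b.port) return false;
  if (!a.domainSet && !b.domainSet) return a.host === b.host;
  if (a.domainSet && b.domainSet) return a.domain === b.domain;
  return false;
}

// The drawback from the slide: two subdomains cooperate, a third joins uninvited.
// Host names are constructed for this demo.
function demoDrawback() {
  const app = new Page("https://app.example.com/");
  const payments = new Page("https://payments.example.com/");
  const userPages = new Page("https://user-pages.example.com/");
  const before = canAccess(userPages, payments);   // false: different hosts
  app.setDocumentDomain("example.com");
  payments.setDocumentDomain("example.com");
  const cooperating = canAccess(app, payments);    // true: mutual, same value
  userPages.setDocumentDomain("example.com");      // nothing in the rule stops this
  const hijacked = canAccess(userPages, payments); // true: user-pages now reaches payments
  return { before, cooperating, hijacked };
}
```

Note that setting document.domain, even to the page's own host, flips `domainSet`, so a page that relaxed cannot reach a same-host page that did not; that matches how browsers treat the domain component of an origin. Current browsers also refuse public suffixes via the Public Suffix List, and Chromium now disables the document.domain setter by default, so the cooperation trick described on the slide is no longer something to build on.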
Same-origin policy for XMLHttpRequest

Security-relevant features provided by XMLHttpRequest:

- The ability to specify an arbitrary HTTP request method (via the open() method).
- The ability to set custom HTTP headers on a request (via setRequestHeader()).
- The ability to read back full response headers (via getResponseHeader() and getAllResponseHeaders()).
- The ability to read back the full response body as a JavaScript string (via the responseText property).
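Each of the four features above is powerful enough that the browser wraps it in a guard. The following added example (not the deck's code and not a real XMLHttpRequest) models those guards: the original rule the slides describe, under which a request to any other origin is refused outright (CORS later added a server-side opt-in, and document.domain plays no part in this comparison); the forbidden-method and forbidden-request-header lists from the XHR and Fetch specifications; and the hiding of Set-Cookie from header read-back. The response is constructed inline so the example runs offline, and the page URLs are made up.

```javascript
// Added model of the guards around XMLHttpRequest's four features
// (not the deck's code, not a browser). Lists follow the XHR/Fetch specs.

const FORBIDDEN_METHODS = new Set(["CONNECT", "TRACE", "TRACK"]);
const FORBIDDEN_REQUEST_HEADERS = new Set([
  "accept-charset", "accept-encoding", "access-control-request-headers",
  "access-control-request-method", "connection", "content-length", "cookie",
  "cookie2", "date", "dnt", "expect", "host", "keep-alive", "origin",
  "referer", "te", "trailer", "transfer-encoding", "upgrade", "via",
]);
const FORBIDDEN_RESPONSE_HEADERS = new Set(["set-cookie", "set-cookie2"]);

class ModelXHR {
  constructor(documentUrl) {
    this.origin = new URL(documentUrl).origin; // scheme://host[:port] of the calling page
    this.requestHeaders = new Map();
    this.responseHeaders = new Map();
    this.responseText = "";
    this.opened = false;
  }

  // open(): any method except the forbidden ones, and (pre-CORS rule) only the
  // page's own origin. Relative URLs resolve against the page.
  open(method, url) {
    const m = method.toUpperCase();
    if (FORBIDDEN_METHODS.has(m)) throw new Error(`SecurityError: method ${m} is forbidden`);
    const target = new URL(url, this.origin + "/");
    if (target.origin !== this.origin) {
      throw new Error(`SecurityError: ${target.origin} is not same-origin with ${this.origin}`);
    }
    this.method = m;
    this.url = target.href;
    this.opened = true;
  }

  // setRequestHeader(): custom headers are fine, but script may not forge the
  // browser's own identity or framing headers.
  setRequestHeader(name, value) {
    if (!this.opened) throw new Error("InvalidStateError: call open() first");
    const n = name.toLowerCase();
    if (FORBIDDEN_REQUEST_HEADERS.has(n) || n.startsWith("proxy-") || n.startsWith("sec-")) {
      throw new Error(`SecurityError: header "${name}" is forbidden`);
    }
    this.requestHeaders.set(n, value); // real XHR appends repeats; one value suffices here
  }

  // Stand-in for the network: feed a constructed response in.
  receive(status, rawHeaderLines, body) {
    this.status = status;
    for (const line of rawHeaderLines) {
      const i = line.indexOf(":");
      this.responseHeaders.set(line.slice(0, i).trim().toLowerCase(), line.slice(i + 1).trim());
    }
    this.responseText = body;
  }

  // Full read-back of headers and body, minus the cookie-setting headers.
  getResponseHeader(name) {
    const n = name.toLowerCase();
    if (FORBIDDEN_RESPONSE_HEADERS.has(n)) return null;
    return this.responseHeaders.has(n) ? this.responseHeaders.get(n) : null;
  }
  getAllResponseHeaders() {
    return [...this.responseHeaders]
      .filter(([n]) => !FORBIDDEN_RESPONSE_HEADERS.has(n))
      .map(([n, v]) => `${n}: ${v}`)
      .join("\r\n");
  }
}

// Returns the error message a call raises, or null if it succeeds.
function attempt(fn) {
  try { fn(); return null; } catch (e) { return e.message; }
}
```

The origin comparison uses `URL.origin`, which already drops a scheme's default port, so `https://app.example.com:443/` and `https://app.example.com/` compare equal while a change of scheme or an explicit non-default port does not.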
  • Fall '07
  • Papa
  • Ajax, Ellis Horowitz, Marco Papa