52 © 2007-2019 Marco Papa & Ellis Horowitz
Checks on XMLHttpRequest

The set of checks implemented in all browsers for XMLHttpRequest is a close variation of the DOM same-origin policy, with the following changes:

  • Checks for XMLHttpRequest targets do not take document.domain into account, making it impossible for third-party sites to mutually agree to permit cross-domain requests between them.
  • In some implementations, there are additional restrictions on the protocols, header fields, and HTTP methods for which the functionality is available, or on which HTTP response codes are shown to scripts (see later).
Cross-origin resource sharing (CORS)

Cross-origin resource sharing (CORS) allows many resources (e.g., fonts, JavaScript, etc.) on a web page to be requested across domains. In particular, AJAX calls can use XMLHttpRequest across domains. Such "cross-domain" requests would otherwise be forbidden by web browsers.

The CORS standard adds new HTTP headers. If the browser recognizes a cross-domain request, it sends an "Origin" HTTP header. Suppose a page from another site attempts to access user data from online-personal-calendar.com. If the browser supports CORS, this header is sent:

  Origin:

If the server at online-personal-calendar.com allows the request, it sends an Access-Control-Allow-Origin (ACAO) header in the response. The value of the header indicates which origin sites are allowed. For example:

  Access-Control-Allow-Origin:

If the server does not allow the CORS request, the browser will deliver an error instead of the online-personal-calendar.com response.

Firefox 3.5+, Safari 4+, Chrome 3+, IE 10+, Opera 12+, and Edge support CORS. See:
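The exchange just described, modelled as an added example that is not part of the lecture slides: a server-side function decides whether to emit Access-Control-Allow-Origin for an incoming Origin header, and a browser-side function performs the check a CORS-aware browser makes before exposing the response to script. The origins partner-app.example and dashboard.example, the allow-list, and the function names corsResponseHeaders, browserAllowsRead and simulateRequest are all constructed for this illustration; online-personal-calendar.com is the server named in the slides. A reflecting variant is shown for contrast, because echoing any Origin back makes the allow-list meaningless.

```javascript
// Added example (not from the slides): a network-free model of the CORS
// exchange. All origins below are constructed sample values.
const SERVER_ORIGIN = "https://online-personal-calendar.com"; // named in the slides

// Server-side allow-list of origins permitted to read calendar data (constructed).
const ALLOWED_ORIGINS = new Set([
  "https://partner-app.example",
  "https://dashboard.example",
]);

// Server side: given the incoming request headers (lower-cased names), return
// the CORS response headers to add. Only an exact, allow-listed Origin is
// echoed back; any other origin gets no ACAO header, so the browser blocks it.
function corsResponseHeaders(requestHeaders, allowed = ALLOWED_ORIGINS) {
  const origin = requestHeaders["origin"];
  // Same-origin and non-CORS requests carry no Origin header: nothing to add.
  if (origin === undefined) return {};
  if (!allowed.has(origin)) return {};
  return {
    "access-control-allow-origin": origin,
    // Tell caches the response depends on Origin, so a response produced for
    // one origin is never served to a page from another.
    "vary": "Origin",
  };
}

// Weak variant, shown only for contrast: reflecting whatever Origin arrives
// grants every site on the web the same access as the allow-listed ones.
function reflectingCorsHeaders(requestHeaders) {
  const origin = requestHeaders["origin"];
  if (origin === undefined) return {};
  return { "access-control-allow-origin": origin };
}

// Browser side: the check performed before the page's script may read the
// response. "*" is accepted only for requests made without credentials.
function browserAllowsRead(pageOrigin, responseHeaders, withCredentials = false) {
  const acao = responseHeaders["access-control-allow-origin"];
  if (acao === undefined) return false;        // no header: error delivered to script
  if (acao === "*") return !withCredentials;    // wildcard is rejected with credentials
  return acao === pageOrigin;                   // otherwise must match exactly
}

// One full exchange: a page at pageOrigin issues an XMLHttpRequest to the
// calendar server; the browser adds Origin, the server answers, the browser checks.
function simulateRequest(pageOrigin, serverPolicy = corsResponseHeaders, withCredentials = false) {
  const requestHeaders = { "origin": pageOrigin };
  const responseHeaders = serverPolicy(requestHeaders);
  return browserAllowsRead(pageOrigin, responseHeaders, withCredentials);
}

// Demonstration when run directly.
for (const origin of ["https://partner-app.example", "https://attacker.example"]) {
  console.log(`${origin} -> ${SERVER_ORIGIN}:`,
    "allow-list:", simulateRequest(origin),
    "reflecting:", simulateRequest(origin, reflectingCorsHeaders));
}
```

With the allow-list policy the second origin is refused (no ACAO header is sent, so the browser reports an error), while the reflecting policy lets it through; the Vary: Origin header matters whenever a shared cache sits in front of the server.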
CORS Example

  • Fall '07
  • Papa
  • Ajax, Ellis Horowitz, Marco Papa
