52 © 2007-2019 Marco Papa & Ellis Horowitz
Checks on XMLHttpRequest • The set of checks implemented in all browsers for XMLHttpRequest is a close variation of DOM same-origin policy, with the following changes: • Checks for XMLHttpRequest targets do not take document.domain into account, making it impossible for third-party sites to mutually agree to permit cross-domain requests between them. • In some implementations, there are additional restrictions on protocols, header fields, and HTTP methods for which the functionality is available, or HTTP response codes which would be shown to scripts (see later). 53 © 2007-2019 Marco Papa & Ellis Horowitz
CORS Example © 2007-2019 Marco Papa & Ellis Horowitz 55
You've reached the end of your free preview.
Want to read all 55 pages?
- Fall '07
- Ajax, Ellis Horowitz, Marco Papa