Are AJAX calls to a sub-domain considered Cross Site Scripting?

I have Server A (www.example.com) sending information to Server B. I can only have HTML / JS on Server A (and have to do the "crunching" on Server B) so I'm trying to send form data via AJAX (trying to avoid a form post to Server B - don't ask).

Obviously doing an AJAX call cross-domain is considered XSS and a big no-no, but if I were to put Server B in a subdomain (sub.example.com), would that be considered okay? How are cross-domain errors detected? Does the browser look up DNS records? IP address?

Thanks in advance for your help.

AaronPresley asked Jun 14 '10 20:06


People also ask

Is a subdomain considered cross domain?

Sub-domains are considered different and will fail the Same Origin Policy unless both sub-domains declare the same document.domain DOM property (and even then, different browsers behave differently).

Can you do cross domain Ajax?

Browsers do not allow cross-domain AJAX requests by default, for security reasons. Cross-domain requests are allowed only if the server opts in with a cross-origin (CORS) policy. To enable CORS, you need to specify the HTTP headers below on the server. Access-Control-Allow-Origin: the name of the domain allowed to make cross-domain requests.

How can I call Ajax to another domain?

$.ajax({ url: 'proxy.php', type: 'POST', data: { address: 'http://www.google.com' }, success: function(response) { /* response now contains the full HTML of google.com */ } });

What is cross domain violation Ajax?

A common problem for developers is a browser refusing access to a remote resource. Usually, this happens when you execute a cross-domain AJAX request using the jQuery Ajax interface, the Fetch API, or plain XMLHttpRequest. As a result, the AJAX request is not performed and the data is not retrieved.


1 Answer

Sub-domains are considered different and will fail the Same Origin Policy unless both sub-domains declare the same document.domain DOM property (and even then, different browsers behave differently).

Ben S answered Oct 19 '22 20:10
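
An added example (not part of the original question or answer) showing how the origin comparison works and how Server B could opt in with Access-Control-Allow-Origin. The browser compares the scheme, host and port taken from the URL text; no DNS or IP lookup is involved. The function names, the allowlist and the sample URLs are hypothetical and constructed for illustration.

```javascript
// Added example: originOf, sameOrigin, corsHeadersFor and ALLOWED_ORIGINS
// are hypothetical names; the URLs are constructed sample values.

// Default ports, so that https://host and https://host:443 compare equal.
const DEFAULT_PORTS = { 'http:': '80', 'https:': '443' };

// An origin is the (scheme, host, port) tuple read from the URL string.
function originOf(url) {
  const u = new URL(url);
  const port = u.port || DEFAULT_PORTS[u.protocol] || '';
  return `${u.protocol}//${u.hostname}:${port}`;
}

// Same-origin check: a plain comparison of the three components.
// www.example.com and sub.example.com differ in host, so they fail it.
function sameOrigin(a, b) {
  return originOf(a) === originOf(b);
}

// Server B side: exact-match allowlist of origins allowed to read responses.
// Exact matching avoids the suffix/substring mistakes that would accept
// look-alike hosts such as www.example.com.attacker.test.
const ALLOWED_ORIGINS = new Set(['https://www.example.com']);

// Build the CORS response headers for the Origin header of a request.
function corsHeadersFor(requestOrigin) {
  if (!ALLOWED_ORIGINS.has(requestOrigin)) {
    return {}; // no CORS header: the browser refuses to expose the response
  }
  return {
    'Access-Control-Allow-Origin': requestOrigin, // echo only a vetted origin
    'Vary': 'Origin', // keep shared caches from reusing it for other origins
  };
}

console.log(sameOrigin('https://www.example.com/form', 'https://sub.example.com/api'));
console.log(corsHeadersFor('https://www.example.com'));
```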