
Cross domain and google CDN for jquery [closed]

Doesn't using Google CDN for jQuery break the rule of not using cross domain requests on the webpage? Do we trust Google enough to do this?

like image 378
asked Feb 01 '10 22:02

Vinodh Ramasubramanian



2 Answers

The use of script tags from a foreign website is allowed within the browser itself, because it is presumed that you intend to load this functionality. The scripts loaded are not able to communicate directly with the foreign domain, though (XHR same-origin, except with CORS). Now, this is precisely why you don't want to allow for unchecked user input that could load a script from a foreign site. It is possible for a foreign script to do things you don't want, but if it is from a trusted source, it should be fine.

If Google were caught using an injection via their CDN, there would be severe backlash. I doubt it would ever happen, and if it did, it would be corrected far more quickly than you would even notice the issue.

like image 182
answered Oct 05 '22 23:10

Tracker1
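The trust in the CDN discussed in the answer above can be narrowed to a single known file with Subresource Integrity: the page pins a hash of the script, and the browser refuses to run a CDN copy whose bytes differ. The following Node.js sketch is an added example, not part of the original answers; the stand-in file body, the `VERSION` placeholder in the URL and the helper names are assumptions.

```javascript
const { createHash } = require('node:crypto');

const STRENGTH = ['sha256', 'sha384', 'sha512']; // weakest to strongest

// Value for the integrity="" attribute, computed from the exact file bytes.
function sriValue(body, algo = 'sha384') {
  return `${algo}-${createHash(algo).update(body).digest('base64')}`;
}

// Tag that makes the browser refuse the CDN copy unless its hash matches.
// crossorigin="anonymous" is required: SRI on a cross-origin script needs a CORS fetch.
function scriptTag(src, body) {
  return `<script src="${src}" integrity="${sriValue(body)}" crossorigin="anonymous"></script>`;
}

// Mirror the browser's decision for a fetched body and an integrity attribute:
//   'match'      -> script would run
//   'mismatch'   -> script would be blocked
//   'unenforced' -> no usable hash in the attribute, so nothing is checked
function checkPinned(body, integrity) {
  const entries = integrity.trim().split(/\s+/)
    .map((tok) => tok.split('?')[0].match(/^(sha256|sha384|sha512)-(.+)$/))
    .filter(Boolean)
    .map(([, algo, digest]) => ({ algo, digest }));
  if (entries.length === 0) return 'unenforced';
  // Only hashes of the strongest listed algorithm count.
  const best = entries.reduce((a, b) =>
    (STRENGTH.indexOf(b.algo) > STRENGTH.indexOf(a.algo) ? b : a)).algo;
  const actual = createHash(best).update(body).digest('base64');
  return entries.some((e) => e.algo === best && e.digest === actual) ? 'match' : 'mismatch';
}

// Constructed stand-in for the CDN file, and a copy changed after pinning.
const pinnedBody = Buffer.from('/* constructed sample */ window.jQuery = function () {};');
const changedBody = Buffer.concat([pinnedBody, Buffer.from(' /* extra code */')]);
// Placeholder URL: substitute the version your page actually loads.
const SRC = 'https://ajax.googleapis.com/ajax/libs/jquery/VERSION/jquery.min.js';

console.log(scriptTag(SRC, pinnedBody));
console.log(checkPinned(pinnedBody, sriValue(pinnedBody)));
console.log(checkPinned(changedBody, sriValue(pinnedBody)));
```

The `'unenforced'` result is the case to catch in a build check: a mistyped algorithm prefix in the attribute silently disables the protection instead of blocking the script.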


No, it doesn't break the rules of cross domain requests. When you include jQuery from Google's CDN, you are simply including a resource into your page (much like linking to an image). This does not fall into the Same Origin Policy security concept to which I assume you refer, which mostly encompasses XHR (ajax) requests.

like image 36
answered Oct 05 '22 23:10

karim79