using XMLHttpRequest it is not possible to open a connection to a document on a different domain than where the page itself is hosted.
but what about different ports?
for example I have a webserver running on my machine listening on port 80 so the webaddress would look like this:
http://localhost:80/mypage.html
and I have another webserver running on localhost which is meant to process the ajax requests but listens on a different port. so the javascript in mypage.html would look like this:
var xmlhttprequest = new XMLHttpRequest();
xmlhttp.open("GET", "http://localhost:1234/?parameters", true);
xmlhttp.send();
would this work? or will it give a security exception as well?
Websites that have the combination of the same scheme, hostname, and port are considered "same-origin". Everything else is considered "cross-origin".
Long. The best explanation comes from the MS engineer who invented XHR: This was the good-old-days when critical features were crammed in just days before a release…
Using a different port does indeed count as cross-site scripting.
There are several well-known ways to make a call (you can always send the data) and use the response (which is what you cannot normally do under anti-xss constraints), including JSONP and using an iframe in the page to load the data.
This wouldn't go as it is still practically on another server (at least another server instance, which may not be under your control).
You could add a Access-Control-Allow-Origin: http://yourdomain:1234/ in headers, google for Cross-Origin Resource Sharing. It's relativelly new though, not all browsers know about this. Or you can use jQuery (read more on http://softwareas.com/cross-domain-communication-with-iframes).
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With