ajax thinks it is staying on the same domain.
Yes I came to that conclusion. I think it is taking security too
far. Interpretting a term like "Domain" to be other than everywhere
else and forcing proxy to get around it, isn't making things safer as
improper proxy settings are far worse. So if anyone leading the
charge on AJAX and xmlHttpRequest should get a clue and not make
things more complex which makes things more vulnerable.
On Feb 6, 6:31 pm, "Jade King" <firstname.lastname@example.org> wrote:
Yes, I use the Apache proxy_module ProxyPass as that's the safest way.
But in my opinion I started above, the definition of "Domain" being
abrogated by whomever makes these decisions to include the Port is not
doing anyone a service. someserver.somedomain.com is in the same
domain as anotherserver.somedomain.com:8081 and should be treated that
way DNS doesn't include port so there is little security risk if the
port is different in a URL, but requirement for a proxy has
significant security risk.
On Feb 7, 4:27 am, "Ivan" <email@example.com> wrote: