ajax thinks it is staying on the same domain.
Yes I came to that conclusion. I think it is taking security too
far. Interpretting a term like "Domain" to be other than everywhere
else and forcing proxy to get around it, isn't making things safer as
improper proxy settings are far worse. So if anyone leading the
charge on AJAX and xmlHttpRequest should get a clue and not make
things more complex which makes things more vulnerable.
Ollie
On Feb 6, 6:31 pm, "Jade King" <heroshao@gmail.com> wrote:
> IE and FF think different prot as different domain, so it is not
> allowed to cross domain for ajax
> On 2?3?, ??9?29?, "MikeOliverAZ" <o@alariussystems.com> wrote:
> > Does the xmlHttpRequest object see localhost/somepath as a different
> > domain than localhost:8081/someotherpath
> > MikeOliverAZ wrote:
> > > I am getting the open denied error when a CGI generated page with ajax
> > > on it tries to connect to a REST servlet on tomcat on the same machine
> > > in Firefox.
> > > is localhost handled differently for the cross domain limitation?
> > > Ollie
Yes, I use the Apache proxy_module ProxyPass as that's the safest way.
But in my opinion I started above, the definition of "Domain" being
abrogated by whomever makes these decisions to include the Port is not
doing anyone a service. someserver.somedomain.com is in the same
domain as anotherserver.somedomain.com:8081 and should be treated that
way DNS doesn't include port so there is little security risk if the
port is different in a URL, but requirement for a proxy has
significant security risk.
On Feb 7, 4:27 am, "Ivan" <eulaersi@yahoo.com> wrote:
> I've solved this by adding a proxy in my apache definition so that
> ajax thinks it is staying on the same domain.
Add to del.icio.us |
Digg this |
Stumble it |
Powered by Megasolutions Inc
