Simon Willison’s Weblog

Items tagged quora, security in Dec, 2010

Filters: Year: 2010 × Month: Dec × quora × security ×


Why do browsers allow cross-domain JavaScript to execute but not XMLHttpRequests?

It’s called the Same Origin Policy, and it’s principally about intranets. Imagine you have a URL http://intranet.corp/top-secret-...—and you then visit http://evil.example.com/ . If cross domain XHR was allowed the evil site could suck that secret document off your intranet without you realising.

[... 105 words]

Types

Years

Months

Tags