
Cross Domain AJAX

When asked how to make an AJAX request to another domain, I always answered that you can't, and suggested JSONP, a proxy, Flash or frames as alternatives. But it turns out that most modern browsers (IE8+, FF3.5+, Chrome 6+ and Safari 4+) fully support cross-domain XMLHttpRequest.

On the client side, everything remains unchanged. The only difference is that the browser no longer blocks the request when it is sent; instead it adds a header naming the domain the request comes from: Origin: example.com

The browser does not simply pass the server's response back to the script, though. For that, the server must add a special header: Access-Control-Allow-Origin: *
Instead of an asterisk, the server can specify a specific domain that is allowed to receive a response.
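
The server-side choice described above, sketched for Node.js as an added example that is not part of the original article: instead of answering every caller with an asterisk, it echoes the request's Origin only when it exactly matches an allowlist. The origins, the allowlist and the function names are assumptions made for the illustration.

```javascript
// Added example, not from the original article. All origins are constructed.
const ALLOWED_ORIGINS = new Set([
  'https://app.example.com',
  'https://admin.example.com',
]);

// Returns the CORS headers to attach to a response for a given request Origin.
function corsHeaders(origin, allowed = ALLOWED_ORIGINS) {
  // Vary: Origin tells caches that the response differs per origin, so a
  // response generated for one origin is not replayed to another.
  const headers = { Vary: 'Origin' };

  // Exact string comparison only. Substring, suffix or loose regex checks
  // would also accept look-alikes such as 'https://app.example.com.other.test'.
  // The literal string 'null' (sent by sandboxed frames and file: pages)
  // is not in the set, so it is refused as well.
  if (typeof origin === 'string' && allowed.has(origin)) {
    headers['Access-Control-Allow-Origin'] = origin;
  }
  // Without Access-Control-Allow-Origin the browser withholds the response
  // from the calling script. The request itself has still reached the
  // server, so this header is not a substitute for authentication.
  return headers;
}

// Request handler in the (req, res) shape that Node's http.createServer accepts.
function handler(req, res) {
  const headers = corsHeaders(req.headers.origin);
  for (const [name, value] of Object.entries(headers)) {
    res.setHeader(name, value);
  }
  res.setHeader('Content-Type', 'application/json');
  res.end(JSON.stringify({ ok: true }));
}
```
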
It is an elegant solution: no extra HTTP requests, no change to the client API, no weakening of the security of existing applications (after all, loading an image from another domain or submitting a form into an iframe was always possible) and, unlike Flash, flexible control over access rights for individual pages.

CORS Specification
Browser Support (Eng.)
Security Considerations
easyXDM is an alternative solution that works without Flash in all browsers.

Source: https://habr.com/ru/post/114432/

