To fight XSS attacks, the web browser imposes the same origin policy for HTTP requests made by JavaScript code. However, this behaviour is often desirable. Traditionally, server-side proxy or JSONP has been used but now there is a W3C Working Draft called CORS: Cross-Origin Resource Sharing. This post describes how it works.
No comments:
Post a Comment