[WEB SECURITY] AJAX load content from different hosts/sites?

Mattias Ahnberg mattias at ahnberg.pp.se
Tue Jan 22 12:45:25 EST 2008


Koen Van Impe wrote:
> Most server-side languages (like php) allow you to include content from
> other sites (for php, fe. there's file_get_contents()), regardless of
> the sitename.

Good point!

> What exactly do you mean by AJAX-load? Including "news" from other sites
> can be done via RSS and has no need for AJAX.

I meant mashup-stuff like google maps and such, but after I sent
the e-mail I came to think of looking up how those services do
it and stumbled over the <script>-loading trick that allows me
to do what I want.

I just put the .js files on the other site (since I control
them both) and included it from there, thus circumventing the
same origin policy. It works well for my situation.
-- 
/ahnberg.

----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]



More information about the websecurity mailing list