Bart Van der Donck wrote:
Thomas 'PointedEars' Lahn wrote:
>Bart Van der Donck wrote:
>>ampo wrote:
Can anyone help with cross-domain problem?
I have HTML page from server1 that send xmlHTTPRequest to server2.
How can I do it?
You might be interested in Ajax Cross Domain:
http://www.ajax-cross-domain.com/
CAVEAT: Each and every bit of information sent and retrieved using this
method goes over a third-party server!
The default installation works with a web page that calls /cgi-bin/
ACD.js on the same website (though the .js may also reside on another
domain). ACD.js then does the request to the remote server. For
example:
http://www.ajax-cross-domain.com/#Synopsis
http://www.ajax-cross-domain.com/runit/1.htm
Two domains involved: the caller (ajax-cross-domain.com) and the
remote site (google.com).
Nevertheless, those who have a domain of their own usually don't need your
script (as they can put .htaccess and friends), and those who don't have a
domain usually can't run your script on their server (who can't/won't afford
a domain usually can't get CGI and friends because there are just not enough
ads that would pay for it).
So the latter group should be made aware that all their requests and
responses can be spied^Wlogged on, either by you (no offense meant, but a
statement of confidentiality is missing from your documentation), or a
man-in-the-middle because the connection is only partially encrypted (from
your server to the target host) at best.
There is also the inherent insecurity of passing sensitive data in URIs to
consider, since they end up in the local history and caches, proxy caches,
and default Web server logs. Not to mention the limitation of data to be
transmitted because browsers (and particularly that of the browser with
still the greatest market share, like it or not); BTW, that limit is at 2083
characters per URI in IE, not 2048.
Given these facts, I have to question the overall usefulness of your
script/service, even if your intentions may be good.
PointedEars
--
realism: HTML 4.01 Strict
evangelism: XHTML 1.0 Strict
madness: XHTML 1.1 as application/xhtml+xml
-- Bjoern Hoehrmann