Sunday, July 05, 2009

Not the same origin

By the way, Firefox 3.5 allows you to make XMLHttpRequests cross domain (in other words code loaded from some domain foo.com can make XHR requests to domain bar.com). Mozilla's spec suggests a special HTTP header for that:

Access-Control-Allow-Origin: *

with this header your server informs client that cross domain request is Ok from any domain. Instead of * you can use there a name of domain allowed to perform cross domain requests.

And here is Java servlets filter from JSOS lets you add such a header to your site so cross domain requests could be allowed for existing web applications - Cross domain Ajax filter.

No comments: