A few months back I was ranting (I do that sometimes) about XSS and its negative effect on AJAX application development. Just recently I read about the Cross Origin Resource Sharing standard from the W3C. It is some pretty dry reading, but this Mozilla Developer Center article distills it into something usable. From what I understand there is hope for AJAX as long as you are using a modern browser that supports "preflighting". Of course you also need a server-side layer that filters these preflighted requests and returns the authorization to send the "real" AJAX request from the cross-domain web browser application.
Again this only works if your browser supports it, and we all know how notorious cross-browser support can be. Case in point, we are still using IE6 at my day job.
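The server-side layer that filters preflighted requests, sketched as an added example that is not part of the original post. The allowlists and the function names `preflightResponse` and `deny` are hypothetical, and the origin values are constructed.

```javascript
// Added example. Allowlists and names are assumptions, not from the post.
const ALLOWED_ORIGINS = new Set(["https://app.example.com"]); // constructed
const ALLOWED_METHODS = new Set(["GET", "POST", "PUT"]);
const ALLOWED_HEADERS = new Set(["content-type", "x-requested-with"]);

// A refused preflight carries no Access-Control-Allow-* headers, so the
// browser never sends the "real" request.
function deny() {
  return { preflight: true, status: 403, headers: { Vary: "Origin" } };
}

// `req` is { method, headers } with lower-cased header names, the shape
// Node's http module hands to a request listener.
function preflightResponse(req) {
  const origin = req.headers["origin"];
  const wanted = req.headers["access-control-request-method"];
  // Only an OPTIONS request carrying both headers is a CORS preflight.
  if (req.method !== "OPTIONS" || !origin || !wanted) {
    return { preflight: false };
  }
  // Exact match only: reflecting any Origin, or suffix/substring checks,
  // would authorize look-alike hosts.
  if (!ALLOWED_ORIGINS.has(origin)) return deny();
  if (!ALLOWED_METHODS.has(wanted)) return deny();

  const requested = (req.headers["access-control-request-headers"] || "")
    .split(",")
    .map((h) => h.trim().toLowerCase())
    .filter(Boolean);
  if (!requested.every((h) => ALLOWED_HEADERS.has(h))) return deny();

  const headers = {
    "Access-Control-Allow-Origin": origin, // echo the vetted origin, not "*"
    "Access-Control-Allow-Methods": wanted,
    "Access-Control-Max-Age": "600",       // let the browser cache the answer
    Vary: "Origin",                        // keep shared caches per-origin
  };
  if (requested.length > 0) {
    headers["Access-Control-Allow-Headers"] = requested.join(", ");
  }
  return { preflight: true, status: 204, headers };
}
```

The response to the real request must also carry `Access-Control-Allow-Origin`, and the server still has to authorize that request itself, because the preflight check is enforced only by the browser.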