Reputation: 39
Same origin policy and .ajax crossDomain
Same origin policy says that I can write to other origin, but I can't read from other origin. But what about jQuyery's .ajax, with crossDomain = true? I can now read other origin
Upvotes: 1
Views: 137
Answers (1)
Reputation: 33163
jQuery, being a pure JavaScript library, is bound by the exact same limitations and security measures as JavaScript.
From the documentation:
crossDomain (default:
false for same-domain requests, true for cross-domain requests)
Type: Boolean
If you wish to force a crossDomain request (such as JSONP) on the same domain, set the value of crossDomain totrue. This allows, for example, server-side redirection to another domain.
In other words it can only force a non-cross-domain request to be considered cross-domain, but not the other way around. It has no effect when the request is actually cross-domain.
Upvotes: 1
Related Questions
- Ajax Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource
- Same origin Policy and CORS (Cross-origin resource sharing)
- AJAX: overcome same origin policy
- Why Cross-Domain AJAX call is not allowed?
- jQuery Ajax Cross Origin Issue?
- Same Origin Policy seemingly inconsistent using jQuery AJAX API
- Cross-Domain Requests with jQuery
- Is this same origin policy?
- Cross Domain AJAX query
- Same origin policy violated?