Reputation: 210
AJAX and GOOGLEAPIS.COM
I do know for a fact (because I use it myself) that plain AJAX calls successfully reach the host at ajax.googleapis.com This seems to violate the rule that such calls should only go to the originating server, i.e. mine. How do browsers know it is ok to break this rule when comes to googleapis.com and, possibly, some others hosts?
Upvotes: 0
Views: 395
Answers (1)
Reputation: 33538
the rule that such calls should only go to the originating server
This is know as the Same Origin Policy.
How do browsers know it is ok to break this rule when comes to googleapis.com and, possibly, some others hosts?
If the host implements Cross-Origin Resource Sharing then it can allow other origins (domains mainly, but also different website ports or protocols) to make AJAX requests to it and read the response.
Upvotes: 2
Related Questions
- Sending AJAX request to secured websites
- Security issues in ajax call
- AJAX GMAIL API Call Authorization error
- How does Google's javascript API get around the cross-domain security in AJAX
- Call a Google Apps Script that requires authorization in AJAX
- google authorized request issue
- AJAX Security Issue
- Google API Json Ajax/Jquery Call
- Securing AJAX API
- Google Ajax Library API & jQuery(function() {})