tags:

views:

115

answers:

2
+2  Q: 

How does the same origin policy apply to IP addresses

I have a server on our company intranet that runs JBoss. I want to send API calls to this server from my machine, also on the intranet, and get the resulting XML responses using JQuery.

I read the entry on Wikipedia but am confused how that applies to my situation, since our machines only have IP addresses, not domain names.

I have

  • server URL: 10.2.200.3:8001/serviceroot/service
  • client IP address: 10.2.201.217

My questions are:

  1. As far as I understand these are different domains, right? So I have to use a proxy to issue JQuery.ajax calls to the server
  2. If I want to avoid doing (2), can I install Apache on the server and server the page with JS code form there? But then the JS will be from 10.2.200.3 and the server is at 10.2.200.3:8001. Aren't these considered different domains according to policy?

Thanks!

+1  A: 

  1. Yes.

  2. Yes, different ports mean different origins. This is something that most browsers have done in JS for a while, but it is explicitly described in the HTML5 draft, which is referenced by the XMLHttpRequest draft.

If A and B have port components that are not identical, return false.

bobince  2010-04-21 22:39:20
Thanks Bobince! One further Q: Which would you suggest, should I have my JBoss server also serve the pages with JS at 10.2.200.3:8001 or should I go with the commonly used proxy server solution.
recipriversexclusion  2010-04-21 22:52:34
Depends on how integral your web extras are to the service, I think, whether you want them to be effectively part of the same project. Either way, I'd be loath to run development AJAX scripts against a production server, if that's what it is.
bobince  2010-04-21 23:02:51
+1  A: 

If the port, or address are different, they are different domains. If you need to access information from what is effectively another server you really have two options. One is to write some sort of reverse proxy to pass your requests from the same origin server to the secondary server.

Alternatively, if you are in control of the secondary target, and there's no security risk in providing direct access, you could consider adjusting the secondary server to emit JSON-P responses.

Tracker1  2010-04-22 00:40:04

related questions

What JavaScript patterns do you use most?
Javascript events
What style do you use for creating an "class" in JavaScript?
Graphing JavaScript Library
What's the difference in closure style
Getting the text from a drop-down box
How to specify javascript to run when ModalPopupExtender is shown
Length of Javascript Associative Array
How Do I Post and then redirect to an external URL from ASP.Net?
How to set up a CSS switcher in ASP.NET
Wrapping lists into columns
Javascript keyboard events primer? (or rather: help me with my custom dropdown)
Http Auth in a Firefox 3 bookmarklet
Best Debugging Tools for JavaScript/xulrunner Development
How can I turn a string of HTML into a DOM object in a Firefox extension?
Call ASP.NET Function From Javascript?
Javascript troubleshooting tools in IE
MAC addresses in JavaScript
Capturing TAB key in text box
CSS Background Color in Javascript
How can I make the browser see CSS and Javascript changes?
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP .Net Custom Client-Side Validation
What JavaScript library would you choose for a new project and why?
Detecting font in JavaScript