When doing an AJAX call, why do browser security rules state that you cannot make a request to a different domain?

+1  A: 

"[T]o prevent the loss of data confidentiality or integrity." See Same Origin Policy.

Eric Mickelsen
A: 

For security. Learn about the Same Origin Policy.

If one webpage could make an AJAX request to another site, the browser would send along cookies to that site, and the first page could get confidential information from that site.

There are several ways to get around this restriction if (1) you are in control of both servers, or (2) you don't care about cookies. Do a Google search for cross-domain AJAX.

dmazzoni
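
An added example, not part of the answers above and not taken from any library: a simplified JavaScript model of the origin comparison behind the Same Origin Policy, and of the CORS response headers a server you control could send so that only allow-listed origins can read cookie-bearing responses. The host names, the `ALLOWED_ORIGINS` allowlist and all function names are assumptions made for illustration.

```javascript
// Constructed example: simplified model, not a full CORS implementation.

// An origin is scheme + host + port; URL.origin normalises default ports.
function originOf(url) {
  return new URL(url).origin;
}

function isSameOrigin(a, b) {
  return originOf(a) === originOf(b);
}

// Hypothetical allowlist of origins trusted to read credentialed responses.
const ALLOWED_ORIGINS = new Set(["https://app.example"]);

// Server side: choose CORS headers for a request carrying this Origin header.
// Returns {} for untrusted origins, so the browser keeps the response hidden
// from the calling page.
function corsHeaders(requestOrigin, allowed = ALLOWED_ORIGINS) {
  if (typeof requestOrigin !== "string" || !allowed.has(requestOrigin)) {
    return {};
  }
  return {
    // Echo the exact origin; "*" is not accepted for credentialed requests.
    "Access-Control-Allow-Origin": requestOrigin,
    "Access-Control-Allow-Credentials": "true",
    // Stop caches from serving one origin's response to another origin.
    "Vary": "Origin",
  };
}

// Browser side, simplified: may the page at pageUrl read the response body?
function pageMayRead(pageUrl, targetUrl, responseHeaders, withCredentials) {
  if (isSameOrigin(pageUrl, targetUrl)) return true;
  const allowOrigin = responseHeaders["Access-Control-Allow-Origin"];
  if (!allowOrigin) return false;
  if (withCredentials) {
    // Cookies were sent: require an exact origin match plus explicit opt-in.
    return allowOrigin === originOf(pageUrl) &&
      responseHeaders["Access-Control-Allow-Credentials"] === "true";
  }
  return allowOrigin === "*" || allowOrigin === originOf(pageUrl);
}
```

A server that reflects any `Origin` value together with `Access-Control-Allow-Credentials: true` removes the protection the answer describes, which is why the check is against a fixed allowlist.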
A: 

Here's an interesting story.

Darin Dimitrov