same-origin-policy

Safe implementation of script tag hack to do XSS?

Like a lot of developers, I want to make JavaScript served up by Server "A" talk to a web service on Server "B" but am stymied by the current incarnation of same origin policy. The most secure means of overcoming this (that I can find) is a server script that sits on Server "A" and acts as a proxy between it and "B". But if I want to dep...

XmlHttpRequest error: Origin null is not allowed by Access-Control-Allow-Origin

I'm developing a page that pulls images from Flickr and Panoramio via jQuery's AJAX support. The Flickr side is working fine, but when I try to $.get(url, callback) from Panoramio, I see an error in Chrome's console: XMLHttpRequest cannot load http://www.panoramio.com/wapi/data/get_photos?v=1&key=dummykey&tag=test&offset...

Getting the security origin of a URL

I'm writing a Chrome extension, and would like to be able to clean up given urls, so that I get their security origin. Using location.host seems to do the job, but it's not always usable - if I'd like to get the origin of an IFrame element, for instance, the call will be blocked. Looking at WebKit's source, this seems like a far from tr...

DOM manipulation on a user-defined website - Same Origin Policy

Hi, I'm just reading up on possible technologies or ways to manipulate the DOM of a user-defined website in a browser or webinterface. The "Same Origin Policy" normally prevents doing this in the browser but there are several ways to avoid this. First thing I can think of is using a Firefox Add-On or Greasemonkey-Script. Another way is...

same origin policy in external js file

if in the website http://www.mysite.com there's an external js file added as <script src="http://www.yoursite.com/new.js"></script> within the http://www.yoursite.com/new.js js file, there's an ajax call to a script in http://www.yoursite.com/new.js in such a case will there be the same-origin policy security problem, as i...

JavaScript and CouchDB - How do I avoid cross-origin policy errors on GET/POST/PUT/DELETE requests

I am posting this question on Super User as well. In my opinion this question overlaps the two... I am creating a simple JavaScript wrapper for CouchDB's RESTful interface, but I am stuck on same-origin policy issues. So far I've been developing my code to work locally - and only as a proof of concept - on Mozilla Firefox. My server i...

How does the browser / JavaScript same origin policy apply to two-level domain names?

I have some JavaScript that is sharing a request between two separate servers on the same domain. Is .com a requirement for the domain in JavaScript? In this case both the servers are on the .abc.tyy domain with the tyy being what would normally be .com Wondering if I can only use .com for the domain? I am getting a permission denied ...

Meaning of SOP (same origin policy)

What is the real meaning of SOP (Same Origin Policy)? I know it means that the Javascript code from one origin cannot access resources from another origin. But what exactly does the word "resources" mean? For example: Javascript code can access IMAGES from another site. Javascript code cannot make ajax requests to another site. ...

Frame breaking only cross-domain but not for iframes from the same origin?

This question was previously asked and answered correctly, but there did not seem to be a solution posted. If a site has iframes, and one wants to prevent those from being enclosed in a frame from a different domain, simplistic frame-busting will not be useful: <script>if (top != self) top.location = location</script> However, since ...

Caching of static contents of the SmartGWT app

I'm developing an app with the SmartGWT framework which is going to work over an SSL connection. The SmartGWT libs are big enough, and using https prevents caching. Is there any way to use JSONP to access static content of a SmartGWT app via http? Or maybe you can suggest any other way of caching static content in this case? Thanks ...

NS_ERROR_NOT_AVAILABLE in GWT DevMode when not on network

My GWT app works fine in DevMode if I am connected to the network. If I disconnect (turn Airport off), my app stops working. The problem occurs when the app makes an XHR request. Googling around suggests that this is related to a Same-Origin Policy violation; but I can't understand why that would occur when I'm disconnected, and not whe...

Why does new Facebook Javascript SDK not violate the "same origin policy"?

The new Facebook Javascript SDK can let any website login as a Facebook user and fetch data of a user... So it will be, www.example.com including some Javascript from Facebook, but as I recall, that script is considered to be of the origin of www.example.com and cannot fetch data from facebook.com, because it is a violation of the "same...

Same origin policy -- JavaScript calling PHP

Hi, I know that this is a popular topic, but I've yet to find an answer that's completely comprehensive. I'm trying to create a simple way for our 'customers' to place a Google Map on their website, which plots the position of our customers (or a subset thereof) on the map. The customers are in a MySQL database which is turned into XML...

Is my code a victim of the same origin policy?

Here is my code. Please kindly check whether it suffers from the 'same origin policy' in this shape. The domain for the HTML is (http://127.0.0.1/jqload.html) & the php file (http://127.0.0.1/conn_sql.php). This is the json format: [{"options":"smart_exp"},{"options":"user_int"},{"options":"blahblah"}] I actually want to append the json data that I rece...