JavaWorld: Dynamic Webpages with JSON

There’s an interesting article on how to overcome the same-origin policy used by modern web browsers. The same-origin policy is a security policy that prevents JavaScript from accessing a location different from the one it was loaded from. Same location normally means same protocol, subdomain, and domain. The same-origin policy is sometimes called the same-site policy. One of the reasons for having this policy is to fix security issues like cross-site scripting.

Communication between the synformation server and the client web application takes place under the same-origin policy. Whenever the client needs data from another service outside the synformation domain, the synformation server can act as a proxy for such requests, so the policy never has to be circumvented. If you don’t have a server to act as a proxy for you, then the technique described in this article might be of interest to you. From a security perspective, neither of the two approaches is inherently safer.
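The routing decision described above, as an added example that is not code from the article or from synformation: a request goes direct when it is same-origin, goes through the server proxy only when the upstream is on an allowlist, and is rejected otherwise. The host names, the allowlist, and the function names `originOf` and `routeRequest` are assumptions made for illustration.

```javascript
// Added example. All hosts below are constructed placeholders.
const PAGE_ORIGIN = 'https://app.synformation.example';   // assumed app origin
const ALLOWED_UPSTREAMS = new Set([                       // assumed proxy allowlist
  'https://api.weather.example',
  'https://feeds.news.example:8443',
]);

// Browsers compare scheme, host and port. URL.origin normalizes all three:
// the host is lower-cased and a default port (443 for https) is dropped.
function originOf(target, base) {
  const u = new URL(target, base);          // throws on malformed input
  if (u.protocol !== 'http:' && u.protocol !== 'https:') return null;
  return u.origin;
}

// Returns 'direct' (same origin, the browser may fetch it itself),
// 'proxy' (cross-origin but allowlisted, the server fetches it), or 'reject'.
function routeRequest(target, pageOrigin = PAGE_ORIGIN, allowed = ALLOWED_UPSTREAMS) {
  let origin;
  try {
    origin = originOf(target, pageOrigin);
  } catch {
    return 'reject';                        // unparsable URL
  }
  if (origin === null) return 'reject';     // file:, javascript:, data:, ...
  if (origin === pageOrigin) return 'direct';

  // Compare the parsed origin, never a substring of the raw string:
  // "https://api.weather.example@other.example/" parses to host other.example.
  const u = new URL(target, pageOrigin);
  if (u.username || u.password) return 'reject';
  return allowed.has(origin) ? 'proxy' : 'reject';
}
```

A proxy that forwards any URL the client supplies would let the page reach hosts the server can see but the browser cannot, which is why the proxy branch is gated on an exact origin match.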
