same-origin-policy

I'm displaying an external JavaScript file using jQuery. Is the reason "same origin policy" is not being broken because it is not an AJAX request? http://jsfiddle.net/m7q3H/52/ Fiddle code : HTML <body> <div id="toupdate"> <script type="text/javascript" charset="utf-8" src="http://static.polldaddy.com/p/6343621.js"></script> </div> </body>​ jQuery $(document).ready(function() { console.log('HTML is '+$('#toupdate').html()); });​ Oh absolutely no problem here. You could reference javascript files from wherever you want. For example Google CDN provides common js files such as jQuery that you

Maybe are there some settings to disable this in extension context. Since I'm developing an extension it should be my own responsibility to not shoot my own goal. It is very frustrating to fiddle with this security thing that is totally out of reason when developing browser extensions. I don't want to make whole browser insecure by disabling it globally. just for the scripts that are set in "content_scripts" section in manifest.json Your manifest.json file should have the domain you're looking to use in the permissions: "permissions": [ "http://*.domain.com/" ] 来源： https://stackoverflow.com

I have a server on our company intranet that runs JBoss. I want to send API calls to this server from my machine, also on the intranet, and get the resulting XML responses using JQuery. I read the entry on Wikipedia but am confused how that applies to my situation, since our machines only have IP addresses, not domain names. I have server URL : 10.2.200.3:8001/serviceroot/service client IP address : 10.2.201.217 My questions are: As far as I understand these are different domains, right? So I have to use a proxy to issue JQuery.ajax calls to the server If I want to avoid doing (2), can I

I am writing this javascript that will be used on several other domains which calls a php script(only on my domain) to return an array. I am using xmlhttp and it works great when testing on my domain, but as soon as the javascript is placed or called from a separate domain it completely breaks. Anybody know how to make this request cross-domain? Note: I had to perform a weird little hack to allow me to make two separate calls and make sure that they were both returned before processing. Anyways this does work perfectly every time on my domain. This is tin the javascript file that calls my php

I'm still new to Phonegap and I am working with the Android SDK for some days now. At least I wanted to do a XMLHttpRequest to get data from my server. I knew about the Same Origin Policy before and I asked myself, how this should work with a "native app". I searched the internet and found some topics, where people were telling others, that there is no Same Origin Policy on Phonegap, because it uses the file:// protocol and additionally there is a domain whitelist in it's config.xml . On the other hand there were a bunch of topics of people having problems with XHR's and others told them, that

I'm hosting an WebApp and his API on different domains and use CORS to be able to work around the same origin policy. So far, so good. This works. To only send a CORS preflight once per session I set the Access-Control-Max-Age to 20 days, But this is not working (tested in Chrome): https://db.tt/vfIW3fD2 What do I have to change? If you are using Chrome Dev Tools, make sure you have "Disable cache (while DevTools is open)" unchecked . I was having issues with the "Access-Control-Max-Age" not being honored only to realize that I had that option checked. monsur Chrome/Blink imposes a max

I need to make a cross domain request from a script that runs in firefox (it's just for development purposes). Can this be achieved? maybe modifying the about:config keys? Thanks! There is a great post by James Padolsey on how to to cross domain requests using jQuery, But the post also has very good resources. There need to be some tweaking to be done on the other server to allow cross domain calls using crossdomain.xml Opera 10.5 allows for "Allow Cross Domain Access". A little late, but thought I'd post the info here anyway; I didn't fully read the links in everyone's answers, but I had a

This question already has an answer here: Why does my JavaScript code get a “No 'Access-Control-Allow-Origin' header is present on the requested resource” error when Postman does not? 44 answers I make a GET request using Postman extension and obtain a response, but if I make the same request using jQuery I receive a typical error: XMLHttpRequest cannot load http://www.rfen.es/publicacion/ranking/resultsBySwimmer.asp?l=020039535&t=&p=0&e=50L-I . No 'Access-Control-Allow-Origin' header is present on the requested resource. Why does this happen? My javascript code is simple: function getTiempo

I want to serve my JavaScript scripts from a CDN like cloudflare. Now my scripts communicate with my app server via ajax. Wouldn't the same-origin policy restrictions come into play when I load these scripts from a CDN? Let's say my app is on the domain: http://app.com And I load my scripts from http://cdn.com/xyz/all.js Now, since my scripts are loaded from a different domain than the domain my app is running from, I guess the same origin policy would prevent me from doing ajax communication with my app. Am I getting something wrong? Prinzhorn No, it will work. That's why JSONP works. The