Cross domain Ajax request from within js file

Question

Here\'s the problem:

1.) We have page here... www.blah.com/mypage.html

2.) That page requests a js file www.foo.com like this...

Answer 1

The method shown above could become a large security hole. Suggest you verify the site name against a white list and build the actual URI being proxied on the server side.