Are AJAX calls to a sub-domain considered Cross Site Scripting?

Question

I have Server A (www.example.com) sending information to Server B. I can only have HTML / JS on Server A (and have to do the \"crunching\" on Server B) so I\'m trying to sen

Answer 1

Sub-domains are considered different and will fail the Same Origin Policy unless both sub-domains declare the same document.domain DOM property (and even then, different browsers behave differently).

Answer 2

Short answer: No. See the Same Origin Policy

You can only make an XHR request to the same host, port, and protocol.

If you want to do Ajax without sticking to that, you can look at JSON-P.

(XSS is a completely different kettle of fish, in which a site allows data to be injected into it (e.g. via a URI) that gets treated as JS allowing third parties to direct people to your site, while they are logged into it, and steal or edit data.)