|
|
| 22-07-09 / 00:31 : Access Control for Cross-Site Requests (cjed) | | On theMozilla site we can find an article about support for Access Control for Cross-Site Requests in Firefox 3.5. This recommandation submitted to W3C allows to circumvent the same orgin policy limitation in a secure way, in order to provide cross-domain access using XMLHttpRequest (then no need for JSONP). The principle is to specify, through new headers, the origin for client requests, and allowed origins in server's responses (requires an additional initial request, managed automatically by Firefox, in the same way as with native browser digest authentication - the unique XMLHttpRequest object is reused automatically by the browser to send the original data once access rights are checked). It also allows to manage cookies (unavailable using JSONP). | | | Comments | | Write a comment | |
|
