MozillaWiki

Cross Site XMLHttpRequest: Difference between revisions

Page Discussion

Cross Site XMLHttpRequest (view source)

Revision as of 00:58, 13 February 2007

230 bytes removed ,  13 February 2007
→‎Security worries
No edit summary
Line 30: Line 30:


* Should we try to follow these specs even when accessing files on the same domain? From the sites point of view they can't rely on that anyway since all browsers don't support the access-control spec (and old versions never will).
* Should we try to follow these specs even when accessing files on the same domain? From the sites point of view they can't rely on that anyway since all browsers don't support the access-control spec (and old versions never will).
* What are the security implications of setting up the "real" document before knowing if access checks will succeed or not. We could easily make sure the page doesn't get access to the document, but there might be other worries.


* We have to make sure to not notify the onreadystatechange listener or any other listeners until we've done all access control checks. Otherwise it would be possible to check for the availability of files on other servers though you couldn't actually read the content.
* We have to make sure to not notify the onreadystatechange listener or any other listeners until we've done all access control checks. Otherwise it would be possible to check for the availability of files on other servers though you couldn't actually read the content.
Sicking
Confirmed users
716

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/48957"