Access Control for Cross-Site Requests

Posted: July 21, 2009 in IT/Dev
Tags: , , , , , ,

On theMozilla site we can find an article about support for Access Control for Cross-Site Requests in Firefox 3.5. This recommandation submitted to W3C allows to circumvent the same orgin policy limitation in a secure way, in order to provide cross-domain access using XMLHttpRequest (then no need for JSONP). The principle is to specify, through new headers, the origin for client requests, and allowed origins in server’s responses (requires an additional initial request, managed automatically by Firefox, in the same way as with native browser digest authentication – the unique XMLHttpRequest object is reused automatically by the browser to send the original data once access rights are checked). It also allows to manage cookies (unavailable using JSONP).


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s