[thelist] XML and Javascript: 2 questions

liorean liorean at gmail.com
Fri Oct 1 08:51:41 CDT 2004

On Fri, 1 Oct 2004 15:32:36 +0200, Peter-Paul Koch <pp.koch at gmail.com> wrote:
> This took me a while, but the answer seems to be No. I wrote a simple
> XMLHTTPrequest script and tried to load a file from another server:
> not allowed (Moz and IE).
> So for the moment it seems XMLHTTPrequests are limited to what you can
> get from your own server. If anyone can confirm or deny I'd be most
> happy.

XMLHttpRequest is affected by the same "same origin policy" as
anything else in JavaScript. Saf1.2, op7.6 and moz implementations are
all limited by it. The ie6w XMLHTTP object is also limited by it,
though ie5.5w allows cross domain access.
However, the domain restriction can be laxed by using signed scripting
in at least moz and probably also iew.

If you change the value of document.domain from 'x.example.net' (where
x is the subdomain) to just 'example.net' , I believe you can extend
the "same origin policy" to all subdomains instead of just the one.I
haven't tested this, though, and I might remember wrong on this point.
David "liorean" Andersson

More information about the thelist mailing list