Thanks,

    Philipp

On 13.09.2013 07:04, Erno Kuusela wrote:
> Yeah, the simple answer is that normally you can't do REST requests with
> XMLHttpRequest to arbitrary other URLs, because of the
> same-origin security policy that browsers enforce. Otherwise
> a web page could steal cookies and do many kinds of request forgery
> if you sent requests to other sites that the user is logged in to.
>
> To make exceptions to that rule, browsers implement this protocol for
> cross-origin requests that let web services say "it's ok to ask me stuff
> from other domains' context".
>
> More info at Zalewski's excellent Browser Security Handbook:
> https://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy_for_XMLHttpRequest
>
> Before browsers gained support for this mechanism, they were
> using this crazy thing called JSONP. It means you reference
> the remote json document using <script src> so you just
> evaluate the remote json as straight javascript, which is pretty
> bad from a security point of view (gives the remote full control
> of your javascript execution context). It had other problems too.
>
> You can see an example (you only do the "simple requests" usually) at
> https://developer.mozilla.org/en/docs/HTTP/Access_control_CORS#Simple_requests
>
> So the server including the Access-Control-Allow-Origin header in
> response to the browser's Origin header is what OK's it from the
> browser's point of view.
>
> Erno
>
>

--
-------------------------------------------------------------------------
Deutsches Forschungszentrum für Künstliche Intelligenz (DFKI) GmbH
Trippstadter Strasse 122, D-67663 Kaiserslautern

Management:
  Prof. Dr. Dr. h.c. mult. Wolfgang Wahlster (Chairman)
  Dr. Walter Olthoff
Chairman of the Supervisory Board:
  Prof. Dr. h.c. Hans A. Aukes

Registered office: Kaiserslautern (HRB 2313)
VAT ID No.: DE 148646973, Tax number: 19/673/0060/3
---------------------------------------------------------------------------
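Added example, not part of the original thread: the Origin / Access-Control-Allow-Origin exchange described above for simple requests, modelled from both the server's and the browser's side. The allowlisted origin, the function names and the sample origins are constructed for illustration.

```javascript
// Constructed allowlist for this example (not from the thread).
const ALLOWED_ORIGINS = new Set(["https://app.example.org"]);

// Server side: choose the CORS headers for the response to a "simple"
// cross-origin request, based on the request's Origin header.
function corsResponseHeaders(requestOrigin, { credentials = false } = {}) {
  // Vary: Origin keeps a shared cache from serving one origin's
  // answer to a different origin.
  const headers = { Vary: "Origin" };
  if (!requestOrigin || !ALLOWED_ORIGINS.has(requestOrigin)) {
    // No Access-Control-Allow-Origin: the request was still processed,
    // but the browser will not let the calling script read the response.
    return headers;
  }
  // Echo the exact allowlisted origin instead of "*", so the same
  // policy also works for requests that carry cookies.
  headers["Access-Control-Allow-Origin"] = requestOrigin;
  if (credentials) headers["Access-Control-Allow-Credentials"] = "true";
  return headers;
}

// Browser side: may script running on pageOrigin read this response?
function browserExposesResponse(pageOrigin, responseHeaders, withCredentials) {
  const acao = responseHeaders["Access-Control-Allow-Origin"];
  if (acao === undefined) return false;
  if (withCredentials) {
    // With cookies attached, "*" is not accepted and the server must
    // also send Access-Control-Allow-Credentials: true.
    return acao === pageOrigin &&
      responseHeaders["Access-Control-Allow-Credentials"] === "true";
  }
  return acao === "*" || acao === pageOrigin;
}

// Walk through three constructed cases.
for (const [origin, creds] of [
  ["https://app.example.org", true],
  ["https://other.example", false],
  ["https://other.example", true],
]) {
  const h = corsResponseHeaders(origin, { credentials: creds });
  console.log(origin, creds, browserExposesResponse(origin, h, creds));
}
```

Because a simple request is sent before the browser evaluates the response headers, this check only controls whether the page can read the reply; the server still needs its own defence against forged state-changing requests.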