Are AJAX calls to a sub-domain considered Cross Site Scripting?

Posted by AaronPresley on Stack Overflow See other posts from Stack Overflow or by AaronPresley
Published on 2010-06-14T20:09:48Z Indexed on 2010/06/14 20:12 UTC
Read the original article Hit count: 185

Filed under:
|

I have Server A (www.example.com) sending information to Server B. I can only have HTML / JS on Server A (and have to do the "crunching" on Server B) so I'm trying to send form data via AJAX (trying to avoid a form post to Server B - don't ask).

Obviously doing an AJAX call cross-domain is considered XSS and a big no-no, but if I were to put Server B in a subdomain (sub.example.com), would that be considered okay? How are cross-domain errors detected? Does the browser look up DNS records? IP address?

Thanks in advance for you help.

© Stack Overflow or respective owner

Related posts about JavaScript

Related posts about AJAX