Are AJAX calls to a sub-domain considered Cross Site Scripting?
Posted
by AaronPresley
on Stack Overflow
See other posts from Stack Overflow
or by AaronPresley
Published on 2010-06-14T20:09:48Z
Indexed on
2010/06/14
20:12 UTC
Read the original article
Hit count: 185
JavaScript
|AJAX
I have Server A (www.example.com) sending information to Server B. I can only have HTML / JS on Server A (and have to do the "crunching" on Server B) so I'm trying to send form data via AJAX (trying to avoid a form post to Server B - don't ask).
Obviously doing an AJAX call cross-domain is considered XSS and a big no-no, but if I were to put Server B in a subdomain (sub.example.com), would that be considered okay? How are cross-domain errors detected? Does the browser look up DNS records? IP address?
Thanks in advance for you help.
© Stack Overflow or respective owner