Microsoft fix Cross Domain Ajax Issues


... or at least they do with a little help from Secunia, the web security people.

Many of you, I am sure, have tried to put some mashups etc., for a new website but fallen foul of the security restrictions in browsers that don't allow cross domain requests. Some answers have been developed over time, such as using proxies, utilising Flash and even JSON, which is widely used by many companies including Yahoo and Google.

But little did we know that MS, in their infinite wisdom had the answer as an undocumented feature (sic) in Internet Explorer 6 and have been kind enough to carry it over to IE7. Like many things in life, there is potential bad you can do with this, including getting your visitors to undertake "actions" for you, but there are positive effects as well, such as enabling those amazing mashups you only wish were possible yesterday. Thank you MS

I think I'd better stop there, the sarcasm is starting to hurt :D


oh I like that! Nice post

oh I like that! Nice post Jason, I hope the patch is slow in coming.


How does JSON solve cross-domain access issues?

JSON fixes it as, if the

JSON fixes it as, if the content provider offers it, it can be called in a cross domain manner via JavaScript using a dynamic script tag.

Loads of commentary on it out there by people who are better than explaining it than I

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.