Same origin policy
With so many AJAX-based web applications coming out in full swing, one has to be aware that a lot of JavaScript code runs on the user's machine. That can mean security vulnerabilities. Consider this situation: a user is using an AJAX-based web application and simultaneously has a browser window open that is connected to their online banking. What if the AJAX application sent an AJAX request to the bank, making it look like a request from the banking application? If the bank application responded with confidential information, the AJAX site could then relay it back to its own site. That would be a serious security breach.

Mozilla's same origin policy helps block such malicious requests. When a browser instance connects to an application on the server, it gets bound to three items, viz. protocol, port (if provided) and host/domain. The browser does not allow JavaScript to communicate with a URL if any one of these three differs from the application's URL. If you are an AJAX developer, keep this in mind and do not try to make an AJAX request to a different URL from your application's JavaScript. It won't work.
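As an added example (not code from the original post), the following script models the three-part check described above: it derives the protocol, host and port of the page's URL and of a request target, fills in default ports the way browsers do, and reports which part differs. The URLs used are constructed for illustration only.

```javascript
// Origin = protocol + host + port, as the post describes.
// Browsers treat "http://a.example" and "http://a.example:80" as the same
// origin, so default ports are filled in before comparing.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

function originOf(urlString) {
  const u = new URL(urlString);
  const port = u.port || DEFAULT_PORTS[u.protocol] || "";
  return { protocol: u.protocol, host: u.hostname, port };
}

// True only when all three components match.
function isSameOrigin(pageUrl, targetUrl) {
  const a = originOf(pageUrl);
  const b = originOf(targetUrl);
  return a.protocol === b.protocol && a.host === b.host && a.port === b.port;
}

// Models the decision the browser makes before letting page script
// communicate with the target; returns which components differ so a
// developer can see why a request was blocked.
function checkRequest(pageUrl, targetUrl) {
  const a = originOf(pageUrl);
  const b = originOf(targetUrl);
  const diffs = [];
  if (a.protocol !== b.protocol) diffs.push("protocol");
  if (a.host !== b.host) diffs.push("host");
  if (a.port !== b.port) diffs.push("port");
  if (diffs.length === 0) {
    return { allowed: true, reason: "same origin" };
  }
  return { allowed: false, reason: "differs in " + diffs.join(", ") };
}

// Constructed scenario from the post: an AJAX app page trying to reach a
// bank site (hypothetical hostnames).
const page = "https://ajax-app.example/dashboard";
console.log(checkRequest(page, "https://ajax-app.example:443/api/data"));
console.log(checkRequest(page, "https://bank.example/accounts"));
console.log(checkRequest(page, "http://ajax-app.example/api/data"));
console.log(checkRequest(page, "https://ajax-app.example:8443/api/data"));
```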