Friday, September 28, 2007

Cross domain XHRs and Localhost vs.

As of today, cross Domain XHRs are not "allowed" either in IE 7.0(?) or Firefox .   While testing this, I came across a very interesting find.

Firefox is so strict that it even treats ‘localhost’ and ‘’ as being different domains.  Here's a screenshot of the message from Firebug:


 IE [6.0] on the other hand is a very permissive [some would argue less secure]. It just displays a security dialog [even for a HTTP Get/Post to] and if user clicks 'Yes', it ALLOWS even Cross domain XHRs.



Technorati Tags: , , ,

No comments: