The following is an example of a cross-domain request that you could make:
var CORSRequest = new XMLHttpRequest();
CORSRequest.onload = function(e){
    // Process returned data
};
// Request a resource hosted on a different origin than the current page
CORSRequest.open('GET', 'http://nimbupani.com/data.json');
CORSRequest.send( null );
We note that the browser throws an error saying such access is forbidden, as shown
in the following screenshot:
Now, in our .htaccess file hosted on http://nimbupani.com, we will uncomment the
following directive:
# <IfModule mod_headers.c>
# Header set Access-Control-Allow-Origin "*"
# </IfModule>
Let us try our code again. Aha! Now it works!
This is the least restrictive setting: it allows any domain to make an AJAX
request to your server. That makes it fairly trivial for someone to send a very high
volume of requests, or to pretend to be your site and fool visitors, and so on. Use
this setting with care.
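A tighter alternative to the wildcard, shown beside it (an added example, not from the book): echo the request's Origin back only when it matches an allowlist. The example.com origins and the CORS_ALLOWED_ORIGIN variable name are placeholders, and mod_setenvif is assumed to be available alongside mod_headers.

```apache
# Added example. The example.com origins are placeholders for the sites
# you actually want to allow.

# Weak: the setting from the page. Every origin may read the responses.
# <IfModule mod_headers.c>
#     Header set Access-Control-Allow-Origin "*"
# </IfModule>

# Restricted: return the header only for origins on an allowlist.
<IfModule mod_setenvif.c>
    <IfModule mod_headers.c>
        # Anchor with ^ and $ and escape the dots so look-alike hosts such as
        # https://www.example.com.other.test do not match. $0 is the whole match.
        SetEnvIf Origin "^https://(www|app)\.example\.com$" CORS_ALLOWED_ORIGIN=$0

        # Sent only when the variable was set, i.e. the origin is on the list.
        Header set Access-Control-Allow-Origin "%{CORS_ALLOWED_ORIGIN}e" env=CORS_ALLOWED_ORIGIN

        # The response now varies by Origin, so shared caches must key on it.
        Header merge Vary Origin
    </IfModule>
</IfModule>
```

Requests from origins that are not on the list receive no Access-Control-Allow-Origin header, so the browser blocks the cross-domain read just as it did before the directive was uncommented.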
CORS-enabled images
Typically, browsers allow all images to be linked from any other domain. This is called
hotlinking. Read more about it at en.wikipedia.org/wiki/Inline_linking.
If a high-traffic website links to assets that are hosted on your server, your hosting
provider might even fine you for excessive use of bandwidth (or your site might
go down!). If you want to prevent this, for example, if you do not want ht-