Thursday, March 8, 2007

XmlHTTPRequest cross domain calls

There is an article in MSDN that got some discussion going in Conscia yesterday. The key part was a statement that the XMLHTTPRequest object can't make cross-domain calls. Now, although not the ideal solution you can actually permit this.

In IE you can add the domain to trusted sites and change the "Access data sources across domains" option in the custom security menu. This should allow cross domain calls. In addition, you can sign your scripts in firefox and trusted scripts in firefox can make cross domain calls.

However, whether you can call services using this AJAX style on another domain out of the box if you make these changes is a cool thing to check for.

An example of an application proxy (for anyone interested) can be found here.
http://developer.yahoo.com/javascript/howto-proxy.html

No comments: