Difference between http://www.app.in and http://app.in
24-10-2019
Problem
What is the difference between http://www.app.com and http://app.com, and how does it affect the cross-domain policy of Ajax?
I mean I added an Ajax request in the app:
    $.ajax({
        type: "POST",
        url: "http://app.in/getToken",
        contentType: "text/html",
        success: function(msg) {
            alert(msg);
        }
    });
It works in Chrome but not in Firefox.
What's the issue?
Thanks
Solution
See the Same Origin Policy chapter of Michal Zalewski's Browser Security Handbook. www.example.com is a different domain than example.com under same-origin policy.
As Deanna points out, scripts can communicate with each other through iframes or separate windows if the subdomain sets its document.location to the higher domain. However, setting document.location has no effect on XMLHttpRequests; the domain and subdomain cannot send XMLHttpRequests directly to each other.
Other tips
They are different sites. IIRC, there is a tag you can add to each site saying "this is the same site" for XSS, but I can't remember details or how standard it was. As for a solution, use relative URLs.
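
The origin comparison both answers rely on, as an added example that is not part of the original question or answers: it compares scheme, host and port of the page and the request target, and shows why a relative URL stays same-origin whichever hostname the page was loaded from. The page paths such as /index.html and the function names are assumptions made for illustration.

```javascript
// Added example: same-origin check for an XMLHttpRequest target.
// Default ports per scheme, so http://app.in and http://app.in:80 compare equal.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Return the (scheme, host, port) triple that the same-origin policy compares.
function originOf(url) {
  const u = new URL(url);
  return {
    scheme: u.protocol,
    host: u.hostname.toLowerCase(),
    port: u.port || DEFAULT_PORTS[u.protocol] || "",
  };
}

// Classify a request made by a script running on pageUrl to target.
// target may be absolute ("http://app.in/getToken") or relative ("/getToken");
// relative targets are resolved against the page URL, as the browser does.
function classifyRequest(pageUrl, target) {
  const resolved = new URL(target, pageUrl).href;
  const page = originOf(pageUrl);
  const dest = originOf(resolved);
  const mismatches = ["scheme", "host", "port"].filter(
    (part) => page[part] !== dest[part]
  );
  return { resolved, sameOrigin: mismatches.length === 0, mismatches };
}

// Constructed sample cases: [page the script runs on, URL passed to $.ajax].
const SAMPLE_CASES = [
  ["http://www.app.in/index.html", "http://app.in/getToken"], // the question's case
  ["http://app.in/index.html", "http://app.in/getToken"],
  ["http://www.app.in/index.html", "/getToken"],              // relative URL
  ["https://app.in/index.html", "http://app.in/getToken"],    // scheme differs
];

function runSamples() {
  return SAMPLE_CASES.map(([page, target]) => classifyRequest(page, target));
}

for (const r of runSamples()) {
  const verdict = r.sameOrigin
    ? "same-origin"
    : "cross-origin (" + r.mismatches.join(", ") + " differ)";
  console.log(r.resolved + " -> " + verdict);
}
```
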