Difference beetween http://www.app.in and http://app.in

Question

What is the difference between http://www.app.com and http://app.com

and how it affects to cross-domain policy of Ajax

I mean i added ajax request in app

                 $.ajax({
                      type: "POST",
                      url: "http://app.in/getToken",
                      contentType: "text/html",
                      success: function(msg) {
                               alert(msg);
                          }
                    });

it works in chrome but not in firefox

Whats the issue?

Thanks

Answer 1

See the Same Origin Policy chapter of Michal Zalewski's Browser Security Handbook. www.example.com is a different domain than example.com under same-origin policy.

As Deanna points out, scripts can communicate with each other through iframes or separate windows if the subdomain sets its document.location to the higher domain. However, setting document.location has no effect on XMLHttpRequests; the domain and subdomain cannot send XMLHttpRequests directly to each other.

Answer 2

They are different sites. IIRC, there is a tag you can add to each site saying "this is the same site" for XSS but I can't remember detaisl or how standard it was. As for a solution, use relative URLs.