Could making AJAX requests to a sub-domain be classified as Cross Site Scripting (XSS)?

I'm currently working on a setup where Server A (www.example.com) needs to send information to Server B. The catch is that only HTML / JS can be used on Server A, so all the data processing has to happen on Server B. My solution involves sending form data via AJAX instead of a traditional form post to Server B.

Now, I know that conducting an AJAX call across different domains is typically considered cross-site scripting (XSS) and not recommended. But I've been wondering - if I were to place Server B in a subdomain (sub.example.com), would that make it acceptable? How exactly are cross-domain errors detected by browsers? Do they use DNS records or IP addresses for this purpose?

Thank you in advance for any insights you can provide!

Answer №1

When it comes to sub-domains, they are seen as distinct entities that do not adhere to the Same Origin Policy, unless both sub-domains explicitly set the same document.domain DOM property. However, it's worth noting that browsers may interpret this behavior differently.

Answer №2

Simply put: No, you cannot make cross-origin XHR requests due to the Same Origin Policy.

XHR requests must be sent to the same host, port, and protocol.

If you want to bypass this restriction, consider using JSON-P.

(XSS poses a different risk, where malicious data can be injected into a site and executed as JavaScript, potentially allowing unauthorized access or data manipulation.)
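On the question of how the browser decides: the check compares the scheme, host and port of the two URLs as written and does not look at DNS records or resolved IP addresses. The following is an added example, not code from the question or either answer; the function names and the IP address 192.0.2.10 are constructed for illustration.

```javascript
// Added example: the origin comparison behind the Same Origin Policy.
// Hostnames come from the question; the IP address is a constructed sample.

// Return the origin tuple (scheme, host, port) with default ports filled in.
function originTuple(urlString) {
  const u = new URL(urlString);
  const defaultPorts = { "http:": "80", "https:": "443" };
  return {
    scheme: u.protocol,
    host: u.hostname, // compared as a string, never resolved via DNS
    port: u.port || defaultPorts[u.protocol] || "",
  };
}

// List which parts of the tuple differ; an empty list means same origin.
function originDifferences(pageUrl, targetUrl) {
  const a = originTuple(pageUrl);
  const b = originTuple(targetUrl);
  return ["scheme", "host", "port"].filter((k) => a[k] !== b[k]);
}

function isSameOrigin(pageUrl, targetUrl) {
  return originDifferences(pageUrl, targetUrl).length === 0;
}

// Page served by Server A, and candidate request targets.
const page = "http://www.example.com/form.html";
const cases = [
  "http://www.example.com/api/submit",      // same origin
  "http://www.example.com:80/api/submit",   // explicit default port: same origin
  "http://sub.example.com/api/submit",      // sub-domain: host differs
  "https://www.example.com/api/submit",     // scheme (and default port) differ
  "http://www.example.com:8080/api/submit", // port differs
  "http://192.0.2.10/api/submit",           // IP literal: host string differs
];

for (const target of cases) {
  const diff = originDifferences(page, target);
  const verdict = diff.length ? "cross-origin (" + diff.join(", ") + ")" : "same origin";
  console.log(target + " -> " + verdict);
}
```

Moving Server B to sub.example.com therefore still produces a different origin, and so would addressing Server A by its IP address, even if both names resolve to the same machine.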
