"Same origin policy" work around?

  • "Same origin policy" work around?

    Well, it's been a while since the browsers yanked "cross site scripting (XSS)" support due to security flaws. The browsers called this action the "Same origin policy", meaning that any scripting (ajax) type stuff is no longer allowed unless the client page and the script response are served from the same origin or domain.

    There have been a few secure work-arounds developed: one is using JSON on the server side while called from within a <script> tag on the client page, another is to serve the "outside origin page" via a proxy.

    I would like to be able to "select" (highlight) and record start & stop positions of selection from an external page (cross-site). Does anyone have any idea if this can be done with the new browsers?
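
Added example (not part of the original post): the JSON-in-a-`<script>`-tag workaround mentioned above is usually called JSONP, and this sketch shows both sides of it. The callback name `handleBookmark`, the host `other.example` and the sample payload are constructed for illustration, and `new Function` stands in for the browser executing the fetched script.

```javascript
// Server side: the response is executable script, not data. The callback name
// comes from the request and is reflected into that script, so accept only a
// plain identifier (assumed policy for this sketch).
const CALLBACK_RE = /^[A-Za-z_$][A-Za-z0-9_$]{0,63}$/;

function jsonpResponse(callbackName, payload) {
  if (typeof callbackName !== 'string' || !CALLBACK_RE.test(callbackName)) {
    throw new Error('invalid callback name');
  }
  // Escape "<" and the two line separators that JSON allows raw, so the body
  // stays one well-formed statement wherever it is embedded.
  const json = JSON.stringify(payload)
    .replace(/</g, '\\u003c')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
  return `${callbackName}(${json});`;
}

// Client side, simulated: a <script src="https://other.example/api?callback=...">
// element downloads the body and runs it with the page's own privileges.
// The page therefore trusts the remote server completely; the same-origin
// policy does not inspect what the script does once it is loaded.
function loadJsonp(scriptBody, callbackName) {
  let received;
  const run = new Function(callbackName, scriptBody); // stand-in for <script>
  run((data) => { received = data; });
  return received;
}

// Constructed sample: a bookmark record with selection offsets.
const SAMPLE = { url: 'https://other.example/page', start: 10, end: 42 };

function demo() {
  const body = jsonpResponse('handleBookmark', SAMPLE);
  return loadJsonp(body, 'handleBookmark');
}
```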


  • #2
    Because of CSRF I would hope that this would be difficult, if not impossible, to do.
    Sr. Software Development Engineer and Sr. Information Security Analyst,
    CEH, Digital Forensic Examiner


    • #3
      Hi Thomas, appreciate the response!!

      But that doesn't have to be true (the CSRF/XSRF stuff). I do not want to write or submit anything; all I want to do is to be able to load an external page into a DOM environment for my own site book-marking.

      And FWIW, I have found a few ways to do it, I believe (which are secure for the external site); the most promising looks like Curl