Monday, May 20, 2024
Homepage · security
 Popular · Latest · Hot · Upcoming
10
rated 0 times [  14] [ 4]  / answers: 1 / hits: 25307  / 15 Years ago, fri, may 29, 2009, 12:00:00

I'm making a RESTful web service call in my JavaScript page and get the following warning:



This page is accessing information that is not under its control. This poses a security risk. Do you want to continue?



Now I've read up on this and am aware of the cross-domain, same origin policy. However, I don't get such warnings when I consume other APIs like Google's Maps API. Clearly the domain is not the same as my local domain. What is the difference?



My initial guess is that Google is 'imported' into the page using the <script> tag while my REST consumption is using XMLHttpRequest. IF that is the case, what is the difference between these two approaches that one would merit a warning and the other not?


More From » security
 Answers
22

The following might explain things:
http://markmail.org/message/5wrphjwmo365pajy



Also, they employ some script hacks (e.g. inserting a script into the DOM to get requested data, instead of XHR).


[#99428] Tuesday, May 26, 2009, 15 Years  [reply] [flag answer]
Only authorized users can answer the question. Please sign in first, or register a free account.
alejandro
Add To Favorites
Follow
Total Points: 231
Total Questions: 102
Total Answers: 107
Location: Jordan
Member since Wed, Jun 17, 2020
4 Years ago
alejandro questions
Mon, Jul 18, 22, 00:00, 2 Years ago
Fri, Sep 18, 20, 00:00, 4 Years ago
Thu, Sep 10, 20, 00:00, 4 Years ago
Sun, Aug 9, 20, 00:00, 4 Years ago
Thu, May 21, 20, 00:00, 4 Years ago
View All
;