Hi,

the behavior of XMLHttpRequests in Android is very odd when doing
cross-domain requests. The browser should either fail with an error
and not perform the request, or it should follow CORS
(http://www.w3.org/TR/access-control/) and start with an OPTIONS request to
the remote domain. The Android browser (2.1 and 2.2) instead performs
the request, which is received by the remote server (and this is the
dangerous part both for data leaking and remote attacks), but the
response is not set in the JavaScript (status of 0 and responseText
null).

bye

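For the case described in the message above, where the request reaches the remote server even though the script never sees the response, the server has to make the decision itself before any handler runs. The following is an added example, not part of the original post: a server-side origin gate in which `gateRequest`, `normalizeOrigin`, the request shape and the `app.example` / `other.example` origins are all hypothetical. It assumes a script-only API endpoint and that the client sends an `Origin` or `Referer` header.

```javascript
// Added example; the origins and request objects below are constructed.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);

// Returns "scheme://host[:port]" or null for a missing, opaque or invalid value.
function normalizeOrigin(value) {
  if (!value || value === "null") return null;
  try {
    const origin = new URL(value).origin;
    return origin === "null" ? null : origin;
  } catch {
    return null;
  }
}

// Decide, before any application code runs, whether the request may proceed.
// req: { method, headers } with lower-cased header names (as in Node's http).
function gateRequest(req, allowedOrigins) {
  const method = req.method.toUpperCase();
  const origin = normalizeOrigin(req.headers["origin"]) ||
                 normalizeOrigin(req.headers["referer"]);

  if (origin === null) {
    // No origin information: let reads through, refuse anything with side effects.
    return SAFE_METHODS.has(method)
      ? { status: 200, runHandler: true, headers: {} }
      : { status: 403, runHandler: false, headers: {} };
  }
  if (!allowedOrigins.has(origin)) {
    // The browser hiding the response does not undo the request, so stop here.
    return { status: 403, runHandler: false, headers: {} };
  }
  const cors = { "Access-Control-Allow-Origin": origin, "Vary": "Origin" };
  if (method === "OPTIONS" && req.headers["access-control-request-method"]) {
    // CORS preflight: answer it, but never run the handler for it.
    cors["Access-Control-Allow-Methods"] = "GET, POST";
    return { status: 204, runHandler: false, headers: cors };
  }
  return { status: 200, runHandler: true, headers: cors };
}

// Constructed request: a cross-origin POST from an origin that is not allowed.
const ALLOWED = new Set(["https://app.example"]);
const blind = gateRequest(
  { method: "POST", headers: { origin: "https://other.example" } }, ALLOWED);
console.log(blind.status, blind.runHandler);
```
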