> Ok I get that you can't request across domains

It's more than domains, it's origins, which goes all the way to the
(apparent) machine level.  If you have a page served from (say)
http://server_a/somepage.html you _cannot_ use XHR (the vendor's code
or Prototype) to do a request to (say) http://server_b/somehandler.aspx,
because "server_a" and "server_b" are different origins.  Do have a
read through of the link Walter gave you for details, this even goes
to the protocol level (http and https are different protocols, hence
different "origins").

If both machines are in the same domain (in the URL sense, not the
Windows sense) and you can reference them with their fully-qualified
domain name (e.g., so http://server_a.mycompany.com/somepage.html is
doing the XHR request to http://server_b.mycompany.com/somehandler.aspx)
you MAY be able to work around this by having both sides (request and
response) set document.domain to "mycompany.com" (see Walter's SOP

> ...but it doesn't explain
> why my code on pastie (http://pastie.org/462963) works but the prototype
> code doesn't.

Could it be that you're serving the vendor's code from a different
server than your Prototype code such that the SOP isn't being
violated?  If you serve the vendor's code from the same machine you're
serving your Prototype code, you'll run into the same security issue,
it's at the browser level.

Or, of course, something else is going on. :-)  But I'd arrange to put
the vendor's page alongside your Prototype page to rule out SOP issues

T.J. Crowder
tj / crowder software / com
Independent Software Engineer, consulting services available

On May 5, 11:04 pm, "Russell Keith" <russell.ke...@aacreditunion.org>
> Ok I get that you can't request across domains, but it doesn't explain
> why my code on pastie (http://pastie.org/462963) works but the prototype
> code doesn't.
> J. Russell Keith, MCDST
> Branch Suite Administrator
> American Airlines Federal Credit Union
> 817.931.4459 Direct
> 817.963.9541 Fax
> russell.ke...@aacreditunion.org
> -----Original Message-----
> From: prototype-scriptaculous@googlegroups.com
> [mailto:prototype-scriptacul...@googlegroups.com] On Behalf Of Walter
> Lee Davis
> Sent: Tuesday, May 05, 2009 4:58 PM
> To: prototype-scriptaculous@googlegroups.com
> Subject: [Proto-Scripty] Re: help with ajax.
> That's not the sort of domain I was referring to. 8-)
> http://en.wikipedia.org/wiki/Same_origin_policy
> Walter
> On May 5, 2009, at 5:40 PM, Russell Keith wrote:
> > I am sending the request from one internal server to another server.
> > However one of the servers is a Linux box that wouldn't be part of the
> > Microsoft domain.
You received this message because you are subscribed to the Google Groups 
"Prototype & script.aculo.us" group.
To post to this group, send email to prototype-scriptaculous@googlegroups.com
To unsubscribe from this group, send email to 
For more options, visit this group at 

Reply via email to