Hey Christoph, Christoph a écrit : > is there a possibility to solve this security problem?
It is NOT a problem. It is a SOLUTION. Allowing AJAX to cross-site would open the flood on XSS attacks all over the place, circumventing corporate firewalls entirely. The traditional approach, used by most apps and online portals, is to have a "proxy" script on the same server, which takes the URL as its argument, grabs it on the server side and sends the response untouched to the client side. It's used for RSS/Atom feeds, REST-based (or even SOAP-based, heavens!) web services, etc. -- Christophe Porteneuve aka TDD [EMAIL PROTECTED] --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Spinoffs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/rubyonrails-spinoffs?hl=en -~----------~----~----~----~------~----~------~--~---
