We are doing a jQuery post out to a jsp file.
We are including the full url to the jsp file that will return a string but in IE and FF the request is being blocked.
Is there a way around this?
$.ajax(
{
type : "post",
url : "http://www.mydomain.com/my.j开发者_运维百科sp",
data : {string:"some string"},
success:doSuccess
}
Changing the post to a get net's us the same data but would it also cause an XSS issue?
does using $.get have XSS issues?
You can reformat your output as JSONP. Full description here:
http://api.jquery.com/jQuery.getJSON/
Just for reference, the reason that your browsers are blocking this is to prevent cross domain scripting attacks: http://en.wikipedia.org/wiki/Cross-site_scripting . JSONP adds 'padding' to your string and prevents the string becoming a threat.
Are you doing a cross domain ajax request? What is the domain of the page which request the ajax resource?
Due to security reasons, support for cross domain ajax requests are limited.
This may give some input to you.
精彩评论