W
W
WebDev2018-11-28 16:19:51
JavaScript
WebDev, 2018-11-28 16:19:51

Why disable ajax requests from other domains?

Please explain why Ajax requests to other domains are disabled by default? After all, any attacker can proxy a request through the backend or, for example, change hosts and open their site under a foreign domain.

Answer the question

In order to leave comments, you need to log in

3 answer(s)
L
Lynn "Coffee Man", 2018-11-28
@Lynn

Do you want me to transfer all your money with a request to sber.ru or post something interesting on your wall with a request to vk.com?
In proxying through the backend, there is no my authorization in the browser and this is the most important thing

D
Dmitry Esin, 2018-11-28
@SunDeath

Try to formulate the answer to this question yourself first.

P
profesor08, 2018-11-29
@profesor08

They are not prohibited. It's just that the server you want to contact doesn't want it. The browser understands this and blocks the request. That's all. If the server allows, then the browser will understand and not block the request.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question