The document discusses techniques for making cross-origin requests, including JSONP, CORS, and using Document.domain. JSONP works by dynamically inserting a <script> tag to load data via a JSON callback. CORS uses special request and response headers to allow cross-origin requests. Document.domain can make pages across different ports appear to be the same origin.

1. JSONP & CORS Same origin policy

2. Same origin policy(SOP) Document loaded from different origin are isolated each other Same origin  same transfer protocal,same host and same port Example, http://myapp.com/dir/page.html Different host Failure http://otherapp.com/dir/other.html Different port Failure http://myapp.com:81/dir/etc.html Different protocol Failure https://myapp.com/secure.html Success http://myapp.com/dir/inner/another.html Success http://myapp.com/dir2/other.html Reason Outcome URL

3. Error due to SOP Uncaught exception: Access to restricted URI denied, xhr.open(‘GET’, http://otherapp.com) Permission denied to get property Window.document, iFrame.contentWindow.document.body.innerHtml

4. JSONP(JSON with Padding) Mould both request to response Cross site callbacks Example, Client, http://myapp.com <script src=http://otherapp.com?jsonp=callbackfn/> function callbackfn(result){ alert(result.x+” “+result.y) } Server, http://otherapp.com Public void get(){ str callback = request.get(“jsonp”) response.write(callback+”{x:10,y:20}”) }

5. CORS Request header,Origin: http://myapp.com Response header, Access-Control-Allow-Origin:* Preflight request(POST) Request header, origin: http://myapp.com Access-Control-Request-Method: POST Access-Control-Request-Header: x-header Response header, Access-Control-Allow-Origin: http://myapp.com Access-Control-Request-Method: POST Access-Control-Request-Header: x-header Access-Control-Max-Age: 6000

6. Document.domain http://myapp.com:6666 http://myapp.com:9999 document.domain = myapp.com Same origin checks will get satisfied

7. Thank you