In the web application security model, the same-origin policy is an important concept. The basic principle is that content provided by unrelated websites must be strictly separated on the client side; otherwise, confidentiality or data integrity might be compromised, perhaps through cross-site scripting attacks. In other words, web pages or scripts running on pages can only access scripts or pages from the same domain as they came from; no access to other sites is allowed. For example,
http://www.example.com/dir/page2.html cannot access
http://en.example.com/dir/other.html. However, in a number of cases this is too strict: in AJAX calls with
HttpRequest, for instance, we have to load data from another server (refer to Chapter 7, Working ...
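
The comparison behind the rule described above, as an added example that is not code from the original text: browsers compare the full origin (scheme, host and port), which is slightly more general than the "same domain" wording, and the sketch reports which part differs. The names `originTuple` and `compareOrigins` are illustrative, and the sample URLs other than the two quoted above are constructed.

```javascript
// Default ports for the network schemes handled here; a URL that omits the
// port is treated as using its scheme's default.
const DEFAULT_PORTS = {
  "http:": "80", "https:": "443", "ws:": "80", "wss:": "443", "ftp:": "21",
};

// Reduce a URL to its origin tuple, or null when the origin is opaque
// (data:, file:, blob: and similar are never same-origin with anything here).
function originTuple(urlString) {
  const u = new URL(urlString); // throws on malformed input
  if (!(u.protocol in DEFAULT_PORTS)) return null;
  return {
    scheme: u.protocol,
    host: u.hostname,                         // already lower-cased by URL
    port: u.port || DEFAULT_PORTS[u.protocol] // "" means the default port
  };
}

// Compare two URLs and list the origin components that differ.
function compareOrigins(a, b) {
  const oa = originTuple(a);
  const ob = originTuple(b);
  if (oa === null || ob === null) {
    return { sameOrigin: false, differs: ["opaque"] };
  }
  const differs = ["scheme", "host", "port"].filter((k) => oa[k] !== ob[k]);
  return { sameOrigin: differs.length === 0, differs };
}

// Constructed sample pairs; the first pair is the one from the text.
const page = "http://www.example.com/dir/page2.html";
const samples = [
  "http://en.example.com/dir/other.html",   // different host
  "http://www.example.com/dir2/other.html", // same origin, other path
  "https://www.example.com/dir/page2.html", // different scheme and port
  "http://www.example.com:8080/api/data",   // different port
  "http://WWW.EXAMPLE.COM:80/index.html",   // same origin after normalising
];
for (const target of samples) {
  const r = compareOrigins(page, target);
  console.log(r.sameOrigin ? "allowed" : `blocked (${r.differs.join(", ")})`, target);
}
```

A path difference never changes the origin, while a different subdomain, scheme or port does, which is why a script on one page cannot read the other page in the example from the text.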