Same origin policy seemingly inconsistent using the jQuery AJAX API

I am trying to understand how the same origin policy (SOP) applies in different situations.

I have the following JavaScript code written in a local HTML file and working with Chrome on Windows:

$(document).ready(function () {
    $.get("http://www.quandl.com/api/v1/datasets/FRED/GDP.json", function (r) {
        window.alert(r.source_name);
    });
});

      

It works by giving me data retrieved from another domain (www.quandl.com). However, if I change this to google.com, the callback is not called:

$(document).ready(function () {
    $.get("http://www.google.com", function (r) {
        window.alert(r);
    });
});

      

+3




1 answer


I believe the inconsistency here is because the first resource has a header Access-Control-Allow-Origin: *, so it supports CORS and allows scripts from all domains to access data using AJAX and XMLHttpRequests.

google.com does not, so trying to access it from a different domain will give you the usual errors.



Adding this header to any page will bypass the same origin policy. You can also do Access-Control-Allow-Origin: domain to only allow requests from the domain domain.

Check out this one for more information on CORS support.

+3
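
The check the answer describes, as an added example that is not part of the original answer: a small JavaScript model of how a browser decides whether a script may read a cross-origin response, following the CORS check in the Fetch standard. The names `corsCheck` and `getHeader` and the sample header objects are hypothetical and constructed for illustration.

```javascript
// Added example: models the CORS check a browser applies to a cross-origin
// response before handing it to script. Sample headers are constructed.

// Case-insensitive header lookup; returns null when the header is absent.
function getHeader(headers, name) {
  const wanted = name.toLowerCase();
  for (const [key, value] of Object.entries(headers)) {
    if (key.toLowerCase() === wanted) return String(value).trim();
  }
  return null;
}

// requestOrigin: serialized origin of the page, e.g. "https://app.example".
// A page opened from a local file has an opaque origin, serialized as "null".
// credentialsMode: "omit", "same-origin" or "include" (as in fetch()).
function corsCheck(requestOrigin, responseHeaders, credentialsMode = "same-origin") {
  const allowOrigin = getHeader(responseHeaders, "Access-Control-Allow-Origin");
  if (allowOrigin === null) {
    return { readable: false, reason: "no Access-Control-Allow-Origin header" };
  }
  const withCredentials = credentialsMode === "include";
  if (allowOrigin === "*" && !withCredentials) {
    return { readable: true, reason: "wildcard allows any origin" };
  }
  if (allowOrigin !== requestOrigin) {
    // Also reached for "*" on a credentialed request: the wildcard is then
    // compared literally and never equals a real origin.
    return { readable: false, reason: "allowed origin does not match requester" };
  }
  if (!withCredentials) {
    return { readable: true, reason: "origin matches" };
  }
  // Credentialed requests additionally need an explicit opt-in header.
  const allowCreds = getHeader(responseHeaders, "Access-Control-Allow-Credentials");
  return allowCreds === "true"
    ? { readable: true, reason: "origin matches and credentials allowed" }
    : { readable: false, reason: "credentials not allowed" };
}

// Constructed responses mirroring the cases discussed above.
const apiResponse = { "Access-Control-Allow-Origin": "*" };   // CORS-enabled API
const plainResponse = { "Content-Type": "text/html" };        // no CORS headers
const pinnedResponse = { "access-control-allow-origin": "https://app.example" };

console.log(corsCheck("null", apiResponse));                     // local file, wildcard
console.log(corsCheck("null", plainResponse));                   // local file, no header
console.log(corsCheck("https://other.example", pinnedResponse)); // wrong origin
```

The request itself still reaches the server in the failing cases; the check only governs whether the page's script gets to read the response.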

