Hacker News
by eddieplan9 5688 days ago
That's extremely smart. XMLHttpRequest protects you via the same origin policy. But there are other ways (such as JSONP) to load JavaScript and bypass the same origin policy. It's not like you cannot opt out of things like JSONP, but this trick adds another layer of protection and is particularly useful in fighting XSSI.