Welcome to the Treehouse Community

Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.

Start your free trial

JavaScript AJAX Basics AJAX Concepts AJAX Security Limitations

Posted by vamosrope14
vamosrope14
14,932 Points

I don't understand what he means?

.

6 Answers

Steven Parker
Steven Parker
231,268 Points
Steven Parker
Steven Parker
231,268 Points

It's not just any specific web server you can make requests to, but the same server that your page loaded from. A request made to any server other than the one that hosts your page is a "cross origin" request.

This kind of a request might be possible, but only if the server allows it and you provide extra information in the request header.

vamosrope14
vamosrope14
14,932 Points
vamosrope14
vamosrope14
14,932 Points

.

Steven Parker
Steven Parker
231,268 Points
Steven Parker
Steven Parker
231,268 Points

It's the other way around. You can make multiple requests to the same server your page loaded from. Those are all allowed by the "same origin" policy.

You only run into trouble when you try to make requests from some server other than the one your page is hosted on.

vamosrope14
vamosrope14
14,932 Points
vamosrope14
vamosrope14
14,932 Points

.

Steven Parker
Steven Parker
231,268 Points
Steven Parker
Steven Parker
231,268 Points

Not just from one .. but from the same one that hosts the website itself.

vamosrope14
vamosrope14
14,932 Points
vamosrope14
vamosrope14
14,932 Points

.

vamosrope14
vamosrope14
14,932 Points
vamosrope14
vamosrope14
14,932 Points

.

Steven Parker
Steven Parker
231,268 Points
Steven Parker
Steven Parker
231,268 Points

Right, except only the same server. Other servers in the same domain are still considered cross-origin.

vamosrope14
vamosrope14
14,932 Points
vamosrope14
vamosrope14
14,932 Points

.

Steven Parker
Steven Parker
231,268 Points
Steven Parker
Steven Parker
231,268 Points

That's what this video lesson is telling you. To access other websites, your host site must act as a proxy, or your requests must contain CORS information in the header (and the other server must allow it).

It is considered "cross-origin" because the server you are making the request from is not where your page was loaded.