Generally, when we want to show the contents of some web page in the same page, we go for AJAX requests. If, say, I make a request to a web page in a different domain with AJAX, it is not allowed because of the cross-site scripting error. But why is it allowed to access it via a server-side page? For example, we can use cURL in PHP to access any site. Why is this feature OK for server-side scripting and NOT OK for client-side scripting?
See: Same origin policy
Because a malicious script can open an external page without the permission of the user. For instance, imagine an insecure textarea. If the contents of this textbox are shown to other users, it might contain a script that connects to a remote host and sends sensitive user info to it. It all boils down to: server-side -> you are in control, client-side -> public, so prone to abuse.
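
The "insecure textarea" case described above, as an added example that is not part of the original answer: the same stored comment rendered without and with output encoding. The function names and the sample comment are constructed for illustration.

```javascript
// Added example: all names and the sample input are constructed.

// The five characters that can switch the HTML parser out of text context.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Encode user-supplied text so the browser treats it as text, never as markup.
// A single pass over the input avoids double-encoding the "&" of other entities.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: textarea content is concatenated into the page as-is, so any
// markup in it runs in the session of every user who views the comment.
function renderCommentUnsafe(text) {
  return `<div class="comment">${text}</div>`;
}

// Hardened: the same template, but the stored text is encoded on output.
function renderCommentSafe(text) {
  return `<div class="comment">${escapeHtml(text)}</div>`;
}

// Constructed sample of what another user might submit in the textarea.
const SAMPLE_COMMENT =
  "Nice post <script>/* constructed placeholder */</script> & thanks";

// Render the sample both ways so the difference can be inspected.
function demo() {
  return {
    unsafe: renderCommentUnsafe(SAMPLE_COMMENT),
    safe: renderCommentSafe(SAMPLE_COMMENT),
  };
}

console.log(demo());
```

Encoding is applied at output time, so the stored comment stays unchanged and can be encoded differently for other contexts such as attributes or JSON.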