 

Cross Domain Ajax

 

Making Ajax work across domains is difficult because of the security restrictions that come with it. The main "culprit" is the same origin policy, which is enforced in most Ajax based programs and websites. It is a security measure: the same origin policy prevents other websites or sources from changing the configuration or settings of the program. You can see this most clearly in XMLHttpRequest, where the commands it sends and the results it loads are limited to the same website or software. Configurations or commands coming from other sources are blocked by the same origin policy.

The sole reason the same origin policy is enforced in Ajax based sites is security. Without it, Ajax would be an open door to all hackers. Cross domain access is possible and is genuinely beneficial to developers, but it is also a route that website infiltrators could easily use: if you can load Ajax from other websites, then websites other than your own can load it as well. For this reason, developers have accepted the compromise so that security is ensured in Ajax based websites.

The bad thing about the same origin policy is not the stricter settings but the setup. To work within the same origin policy, you have to make sure everything comes from you, so the developer's server has to be powerful enough to handle the requests. If you are creating a popular Ajax based website, the same origin policy will prevent other domains and servers from accessing what you have. That means you have to increase the power of your own server, which can cost thousands of dollars if you expect thousands of visitors on your website every day.

There is, however, a trick for enabling cross domain access while the same origin policy stays in force. Placing the other source behind a proxy will "fool" the website into accepting the commands. This is very efficient, since only the administrator can set up the proxy settings. If you are an administrator, it is relatively easy to use multiple sources as long as they are properly set up. However, you have to remember that anything outside the original source could still be hacked. It is quite possible for someone to use another proxy setting so that the website acknowledges the command. That is another security measure that any developer should think about.

So the developer has to weigh two options: keeping the same origin policy and using a proxy, or forgetting about the same origin policy so that cross domain access can be implemented. As best practice suggests, developers will always go for the same origin policy and deal with the security measures later. The same origin policy acts as a buffer for security. With a little proxy configuration, developers will always have the option of using different sources so that the website can ultimately work efficiently.
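
As an added illustration (not code from the original article), the following shows a same-origin proxy that only forwards to routes the administrator has defined, so that it cannot be pointed at arbitrary hosts. The route names and `.example` hostnames are constructed placeholders, and `resolveUpstream` and `proxyHandler` are hypothetical names.

```javascript
// Added example: routes defined by the administrator (constructed placeholders).
const ROUTES = Object.freeze({
  weather: "https://api.weather.example",
  news: "https://feeds.news.example",
});

// Map a same-origin request path such as /proxy/weather/v1/today?city=Oslo
// to an upstream URL. Returns null when the request must be refused.
function resolveUpstream(requestPath) {
  const m = /^\/proxy\/([a-z0-9-]+)(\/[^?#]*)?(\?[^#]*)?$/i.exec(requestPath);
  if (!m) return null;
  const [, name, path = "/", query = ""] = m;
  // Own-property check so names like "constructor" never match.
  if (!Object.prototype.hasOwnProperty.call(ROUTES, name)) return null;
  const base = new URL(ROUTES[name]);
  let target;
  try {
    target = new URL(path + query, base);
  } catch {
    return null;
  }
  // A path such as //other.example/x is protocol-relative and would switch
  // hosts; refuse anything that leaves the configured origin.
  if (target.origin !== base.origin) return null;
  return target.href;
}

// Request handler for Node's http.createServer (hypothetical wiring).
// The page's script calls /proxy/... on its own origin, so the browser's
// same origin policy is satisfied; the server makes the cross domain call.
async function proxyHandler(req, res) {
  const target = req.method === "GET" ? resolveUpstream(req.url) : null;
  if (target === null) {
    res.writeHead(403, { "Content-Type": "text/plain" });
    return res.end("Forbidden");
  }
  try {
    // No browser cookies or headers are forwarded; redirects are refused
    // so the upstream cannot bounce the proxy to another host.
    const upstream = await fetch(target, { redirect: "error" });
    const type = upstream.headers.get("content-type") || "application/octet-stream";
    res.writeHead(upstream.status, { "Content-Type": type });
    res.end(Buffer.from(await upstream.arrayBuffer()));
  } catch {
    res.writeHead(502, { "Content-Type": "text/plain" });
    res.end("Bad gateway");
  }
}
```

A proxy that accepted a full target URL from the request instead of a route name would let any visitor relay requests through the server, which is the exposure the paragraph above warns about.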

