
Ajax Advancement Vaporware
In the past few months there has been quite a stir about the latest browser releases (Firefox 3, Opera 9.5, and of course IE8) and what new features they bring. One of the most interesting new features found in the two more popular browsers is the ability for Ajax calls to break the same origin policy (SOP) and make calls across domains. Now, this is a security nightmare waiting to happen, and I had certainly commented on it in my Ajax book as well as in recent articles. Good idea or not, the cross-domain call feature was in place and sites all over trumpeted the new concept. Web services advance! Web 2.0 from JavaScript! On and on.

Guess what: cross-domain XHR calls are not in the shipping version, and nobody seems to notice. Google for it and hardly a peep… I guess new features, whether they ship or not, are cool, but the hard reality of what makes it out, not so much. Retractions just never really make the front page, no matter what the medium.
-Thomas
P.S. Security consultants, fret not. IE8 is still planning on XDRs (that is, an XHR for making cross-domain calls), so you’ll have plenty of work in ’09!