Cross Origin Ajax Requests Have Landed
A year ago I mentioned that cross origin Ajax requests were coming and then got backed out of the last version of Firefox Well they are back now and they do work in Firefox 3.5 IE 8 landed similiar functionality using something called an XDR (http://msdn.microsoft.com/en-us/library/dd573303(VS.85).aspx) Of course the big question is still, is this a good thing?
Simplicity of communication rules, so I’ll just answer directly. NO this really isn’t a good thing unless you are quite careful or you make some of your living as a security consultant.
A Note on Security
So read that carefully you should determine validitiy before using script from 3rd-parties, but here is the rub, is that going to stay constant? If you look once and then just use what’s to say that source doesn’t change or gets owned and then owns you? Absolutely nothing unless you are monitoring the script for changes with some proxy. Great idea, almost never done.
I am certainly not the only one who sees this and can’t say that this type of alarm ringing is novel. In fact we have been down this path before. Flash supports similiar technology using its CrossDomain.xml file and folks like Jeremiah Grossman clearly pointed out that out in the wild quite often it is done wrong and in many cases quite wrong. Now that Firefox and other browsers are supporting it natively I think we are going to see an explosion in cross-origin calls before there is a retreat as quality and security problems explode. Though that isn’t all bad, you do usually have to exercise something to shake out the problems, just be careful!
Accessibility on the Modern Web
There’s been a lot of buzz in the news lately about accessibility, specifically in reference to the dozens of ADA lawsuits that seem to be more and more...
Automated Visual Regression Testing
What is automated visual regression testing? The name sounds scary, but in reality, the idea is fairly simple. If you have a user interface (UI),...
Automated Testing Tool Comparisons
Automated testing is rapidly gaining popularity across the web development field, and as expected, the number of automated testing tools is growing rapidly as well....