You are hereFixing AJAX and XMLHttpRequest


Fixing AJAX and XMLHttpRequest


By hagrin - Posted on 04 August 2006

O'Reilly.Net has a great article about "fixing" the XMLHttpRequest object when creating Web 2.0 AJAX web applications.

The article talks about how browser security settings prevent AJAX applications from accessing third-party web services and, more importantly, how to code around those restrictions. True, the workarounds are "gruesome", but they do work and can provide web developers the ability to circumvent browser security.

Of course, that's the good, but what about the bad? Well, two points immediately jump to mind - security and why. Circumventing security measures to get additional functionality is usually a bad thing and I forsee a possible exploitation in this area (although, those vulnerabilities are more browser/user defined security related than an AJAX problem). However, with all of this, one does have to question the validity in creating an AJAX application in this scenario and if coding around restrictions really becomes beneficial when doing a cost/benefit analysis. I believe the addage "select the tool best suited for the task" really applies here and everyone hyped up over the AJAX craze should take a step back and realize AJAX is not the answer to every web development project.