HTML5 XmlHttpRequest 2 vs Flash\Silverlight approach to cross-origin requests
Join the DZone community and get the full member experience.Join For Free
In case of Flash\Silverlight a policy file crossdomain.xml is created for the site. This file would contain a list of all sites that can make a cross domain request to this site. For example, if http://yoursite.com lists http://friendssite.com in crossdomain.xml file, then http://friendssite.com is allowed to access all the resources of http://yoursite.com. Here the access control mode is set to per site. XHR 2 on the other hand, follows a different approach altogether. It works on the per page access control model. In this case, every page has to respond with a 'Access-Control-Allow-Origin' header to the foreign site. With this approach only a part of a website can be accessed by a foreign site, keeping the rest of the website inaccessible.
Published at DZone with permission of Sagar Ganatra, DZone MVB. See the original article here.
Opinions expressed by DZone contributors are their own.