Browser same origin policy workaround

The browser same-origin policy prevents a document loaded from one domain from accessing a document from another domain (cross-domain access). The policy was introduced to prevent certain kinds of cross-site scripting attacks, such as hijacking the user to a remote site, stealing cookies and impersonating the victim, keystroke logging, etc. It is enforced in most modern browsers (IE has enforced it from version 8).

There is an exception to the policy: it allows dynamic loading of script documents from another domain. Using this exception, we can call services on another domain that return results in JSONP format. JSONP supports "On-Demand JavaScript", which is the ability to add new JavaScript to the existing code dynamically by calling a service. When a service claims that it can return results in JSONP format, it actually returns JavaScript that contains a function invocation with the service results as the parameter to that function. For example, suppose we call the following Twitter search URL from JavaScript: http://search.twitter.com/search.json?callback=foo&q=twitter. The call returns the JavaScript function invocation foo('JSONData'), where 'JSONData' is the service result (the Twitter search results in this case). We need to define a JavaScript function named foo that takes a JSON-format parameter and does the processing.
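The JSONP exchange described above, as an added example that is not part of the original post. It runs in Node without a browser; the names buildJsonpResponse, loadJsonp and searchService and the sample data are hypothetical, and the server side rejects any callback name that is not a plain identifier because that name is echoed into executable script.

```javascript
// Added example: both halves of a JSONP exchange (hypothetical names, constructed data).

// Server side: wrap the JSON result in a call to the caller-supplied function.
// The callback name ends up inside executable script, so accept only a plain
// identifier; anything else would let the requester inject script text.
const CALLBACK_RE = /^[A-Za-z_$][A-Za-z0-9_$]{0,63}$/;

function buildJsonpResponse(callbackName, data) {
  if (!CALLBACK_RE.test(callbackName)) {
    return { status: 400, contentType: 'text/plain', body: 'invalid callback' };
  }
  // JSON.stringify leaves U+2028/U+2029 raw; escape them for older script parsers.
  const json = JSON.stringify(data)
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
  return {
    status: 200,
    contentType: 'application/javascript',
    body: `${callbackName}(${json});`,
  };
}

// Client side: in a browser this is a <script src="...?callback=foo"> element.
// Here the returned script text is executed with the callback in scope, which is
// what the browser does, and is why the page must fully trust the remote service.
function loadJsonp(service, callbackName, handler) {
  const res = service(callbackName);
  if (res.status !== 200) {
    throw new Error(`JSONP request failed: ${res.body}`);
  }
  new Function(callbackName, res.body)(handler);
}

// Constructed stand-in for the remote search service.
const searchService = (callbackName) =>
  buildJsonpResponse(callbackName, {
    query: 'twitter',
    results: [{ text: 'constructed sample result' }],
  });

// Define "foo" and let the service's script invoke it with the data.
function demo() {
  let received = null;
  loadJsonp(searchService, 'foo', (data) => { received = data; });
  return received;
}
```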

The other workarounds are:

Flash policy files (http://www.adobe.com/devnet/articles/crossdomain_policy_file_spec.html) – The other domain needs to host a configuration file (crossdomain.xml) that states whether cross-domain traffic is allowed. When the other domain hosts this file, we can make any type of call (web service, JSON, HTML, etc.) to it. There are many free third-party add-ons that support this. The popular one is "flXHR".

IE8 XDomainRequest – http://msdn.microsoft.com/en-us/library/cc288060%28vs.85%29.aspx

JSONRequest (http://www.json.org/JSONRequest.html) – The server doesn't need to support the JSONP format. This is still a proposal and has not yet been adopted or implemented by any browser or forum.





About Me

I’m a full stack developer and have held roles in engineering & product.  Currently helping businesses increase their revenue. I do everything it takes to reach that goal. That can involve coding, design, analytics, A/B testing, etc.

Here is the executive summary of my skills.

  • Microsoft Certified Professional Developer for .NET 4.0 Web applications(MCPD Transcript ID: 706972, Access Code: access80,  https://www.mcpvirtualbusinesscard.com/VBCServer/thirumk/profile)
  • LinkedIn Profile : http://www.linkedin.com/in/thirumk
  • Eleven years of IT experience with experience on all stages of Software Development Life Cycle (SDLC) involving Analysis, Design, Development, Database Design, Production Implementation and Maintenance of Server/Internet/Intranet/Client Server applications using technologies .Net Framework, ASP.NET, C#.NET, BizTalk, Sitecore, Share Point, WCF and traditional ASP, XML, COM, Delphi and VB with backend as MS SQL Server, Oracle, MS Access.
  • Development experience in ASP.NET 1.0/2.0/3.0/3.5, 4.0, C# 1, 2, 3, 4 and VB 9.0.
  • Development experience in public facing websites.
  • Site core development experience involving sub layout development, template development, pipeline development and view renderer development.
  • BizTalk 2006 development of Schemas, Maps / Transformations, Orchestrations, Standard and Custom Pipelines, SQL Adapter, Flat file conversions, and .NET component integration
  • Share Point 2007 (WSS/MOSS) development in application pages, web part development, lists and libraries, content management
  • Development experience in WCF Web Services / Data Interfaces, ASP.NET Handlers and Microsoft binary remoting.
  • Development experience in ADO.NET, Strongly Typed Datasets, Custom Object development and Entity Framework
  • Experience in the practice of various Software Development Life Cycle (SDLC) practices including Agile development methodology
  • Strong Database Knowledge using Microsoft SQL Server 2005/2000 and Oracle involving Stored Procedures, T-SQL, cursors and indexes.
  • Development experience in multiple countries which are USA, UK and India.
  • Good exposure to Wholesale Banking, Retail Banking, Insurance, Legal Research, Benefit management and Real Estate Listings.

Here is the summary of my skills

Name : Medampalli, Thirulogachandar (Thiru)
Educational Qualification : Bachelor of Engineering(Computer Science), University of Madras
Experience : 10+ Years
Languages : C# 1.0/2.0/3.0/4.0/5.0, VB 6.0/9.0, .NET Framework 1.2/2.0/3.5/4.0/4/5, ASP 3.0, Delphi 5.0/6.0/7.0, Java 2.0, C/C++.
Server Technologies : ASP.NET 2.0/3.5/4/4.5, MVC3/4, BizTalk Server 2006, Microsoft Office Share Point Server 2007, Sitecore 6.4, WCF.
Client Technologies : HTML 4/5, CSS 3, XML, XSLT, JQuery and JQuery Add-ons –  Dyna Tree, JQ Plot, JsTree, JQuery UI, DataTable, qTip, Knockout, Underscore.
Databases : Oracle 8/9i, MS-SQL Server 2003/2005/2008.
Development Tools : Visual Studio 2012/2010/2008/2005/2003/6.5, Resharper 4.5, NUnit 2.4, MS Unit Testing framework, RAD Controls, Nlog, Toad 8.0, PL/SQL Developer 6.0, Crystal Report 11, Firebug, Type Mock 4.0,  Autofac 2.5, FakeItEasy 1.7, VSS 6.0, PVCS 7.0, Tortoise SVN 1.5, WinCVS 1.8 and Mercurial Tortoise HG, Spreadsheet Gear.
Framework : MVC, MVP, Entity Framework, Dependency Injection, Provider Framework, Microsoft Automated Test Framework.
External System Interfaces : Twitter API, Wikipedia API, Foursquare API, Facebook Page API, Flickr API, Microsoft CRM API.