Experimenting with CORS

As a follow up to yesterday’s post on CORS, I did some simple experiments to test it out to see if it’ll work specifically by using JQuery primitives. It was easy as pie to make it work. The following little experiment demonstrates the feasibility of using CORS to use the browser as a middle-man.

I just wrote a simple cors.php script and fired it up from the browser.

If the Access-Control-Allow-Origin: * header is removed, then the console log will show the following error:

XMLHttpRequest cannot load http://127.0.0.1/cors.php. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost' is therefore not allowed access.

However, once it is in there, the console log shows the expected output, which is essentially the data payload being transmitted. My only concern now is the size of the data blob that can be transmitted via this method using JQuery. I gather that there should be a limit on the size of such a transmission.

Also, there is a concern on security. So, I will need to figure out a mechanism to protect the communications between the parties. There are many other Access-Control-Allow headers that can be returned such as those listed here.

This will require more research.

PS: According to this site, JQuery does not support CORS on IE. So that’s a browser limitation that I’ll have to keep in mind.

Advertisements

Published by

Shawn Tan

Chip Doctor, Chartered Engineer, Entrepreneur, Law Graduate.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s