AJAX - Same Origin Policy Protection

  • A key element of AJAX is the XMLHttpRequest (XHR)

    • Allows JavaScript to make asynchronous calls from the client side to the server

    • However, as a security measure, these requests may only be made to the server from which the client page originated

This exercise demonstrates the Same Origin Policy Protection. XHR requests can only be passed back to the originating server. Attempts to pass data to a non-originating server will fail.
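The comparison behind "the server from which the client page originated", as an added example that is not part of the original lesson: browsers define an origin as the scheme, host and port together, so the sketch below goes slightly beyond the text by reporting which of the three differs. The function names and the `app.example` URLs are constructed for illustration.

```javascript
// Added example: how a page's origin is compared with an XHR target.
// An origin is the tuple (scheme, host, port); all URLs here are constructed samples.

const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Return the tuple that defines an origin, or null for schemes
// whose origin is opaque (file:, data:, ...).
function originTuple(url) {
  const u = new URL(url);
  if (!(u.protocol in DEFAULT_PORTS)) return null;
  return {
    scheme: u.protocol,
    host: u.hostname, // the URL parser has already lower-cased it
    port: u.port || DEFAULT_PORTS[u.protocol], // empty port means the default
  };
}

// Compare an XHR target with the page that issues the request.
// Relative targets are resolved against the page URL first.
function checkXhrTarget(pageUrl, target) {
  const resolved = new URL(target, pageUrl).href;
  const page = originTuple(pageUrl);
  const dest = originTuple(resolved);
  if (!page || !dest) return { sameOrigin: false, differs: ["opaque origin"] };
  const differs = ["scheme", "host", "port"].filter((k) => page[k] !== dest[k]);
  return { sameOrigin: differs.length === 0, differs };
}

// Constructed page URL and XHR targets.
const PAGE = "http://app.example:8080/lessons/ajax.html";
const TARGETS = [
  "/data/list.json",                   // relative: same origin
  "HTTP://APP.EXAMPLE:8080/api",       // case differences do not matter
  "https://app.example:8080/api",      // scheme differs
  "http://app.example/api",            // port differs (80 vs 8080)
  "http://api.app.example:8080/api",   // host differs (a subdomain is another host)
];

for (const t of TARGETS) {
  const r = checkXhrTarget(PAGE, t);
  console.log(t, "->", r.sameOrigin ? "same origin" : "cross origin: " + r.differs.join(", "));
}
```
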
