javascript ajax xss same-origin-policy

Understand cross domain stuff and AJAX


I am a bit confused about 2 things related to cross domain stuff.

Say I have 2 domains; mydomain.com and otherdomain.com

Now on mydomain.com, what all are the allowed things that can be accessed from otherdomain.com? I mean can we have

<img src="otherdomain.com/xyz.jpg">

Similarly can we directly use otherdomain.com in iframe src? What all are allowed by default? What can be done to prevent access from otherdomain.com's perspective?

2nd part is related to JavaScript/AJAX. Is otherdomain stuff blocked by default in script related thing? Using AJAX, can I by default make a request to otherdomain.com? Is it allowed? What can be done to get response from otherdomain.com, if it is not allowed?

Thanks a lot.


Solution

  • Read Wikipedia.

    You cannot read from another domain (unless it allows you to).

    You can display or execute content from another domain (e.g., using an image, frame, or script tag), but you can't read it directly from your code.
    Thus, you cannot send an AJAX request to another domain, and you cannot read the contents of an image, frame, or script tag that was loaded from another domain.
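
The "unless it allows you to" case above is decided by headers that otherdomain.com sends. The following is an added example, not part of the original answer: it sketches the headers otherdomain.com could attach to restrict framing and to let only mydomain.com read its responses, alongside a simplified model of the browser's read check. The allowlist, the function names and the sample URLs are assumptions.

```javascript
// Added example (not from the original answer). The allowlist and function
// names are assumptions made for illustration.
const ALLOWED_READERS = new Set(["https://mydomain.com"]);

// An origin is scheme + host + port; URL.origin drops default ports.
function originOf(url) {
  return new URL(url).origin;
}

// Headers otherdomain.com attaches to a response, given the request's
// Origin header (undefined when the browser sent none).
function headersFor(requestOrigin) {
  const headers = {
    // Embedding control: only otherdomain.com itself may frame this page.
    "Content-Security-Policy": "frame-ancestors 'self'",
    "X-Frame-Options": "SAMEORIGIN",
    // The CORS decision depends on Origin, so caches must key on it.
    "Vary": "Origin",
  };
  // Read control: echo the origin back only if it is on the allowlist.
  if (requestOrigin && ALLOWED_READERS.has(requestOrigin)) {
    headers["Access-Control-Allow-Origin"] = requestOrigin;
  }
  return headers;
}

// Simplified model of the browser's check before handing a response to
// script (simple request, no credentials, no preflight).
function scriptMayRead(pageUrl, targetUrl, responseHeaders) {
  const page = originOf(pageUrl);
  if (page === originOf(targetUrl)) return true; // same origin: always readable
  const allowed = responseHeaders["Access-Control-Allow-Origin"];
  return allowed === "*" || allowed === page;
}

// Constructed sample requests against https://otherdomain.com/data.json
function demo() {
  const target = "https://otherdomain.com/data.json";
  return ["https://mydomain.com/app", "http://mydomain.com/app",
          "https://unlisted.example/"].map((page) => ({
    page,
    readable: scriptMayRead(page, target, headersFor(originOf(page))),
  }));
}
```

The `http://mydomain.com` page is refused because the scheme is part of the origin, so it does not match the `https://` allowlist entry.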