angularjs knockout.js ember.js xss javascript-framework

Cross-site scripting with Javascript framework

We are thinking about implementing our new module with a Javascript framework GUI and Java backend. The plan is that we call Ajax calls from the GUI to get the data from the backend.

Our worry is (due to our inexperience) is that if we deploy the GUI to http://server1 and the Java backend to http://server2, then wont the relevant Ajax calls from server1 to server2 qualify as Cross site scripting? How can we prevent this in javascript frameworks?

(We are looking at Angular, Knockout, Ember.js, etc)

Solution

Have a look at CORS (Cross-origin resource sharing) http://en.wikipedia.org/wiki/Cross-origin_resource_sharing

You basically need to specify, in the header of the response from the web service, which referers are allowed.

For example:

Access-Control-Allow-Origin: http://server1

Is it safe to resolve a promise multiple times?
Authentication approach to be use in asp.net Web api and angular js
Angular pagination - update data onclick
AngularJS Paging orderBy only affects displayed page
aws api gateway whitelist reactjs app ip address
Javascript: How to read a hand held barcode scanner best?
Validate Bangladeshi phone number with optional +88 or 01 preceeding 11 digits
how to disable google analytics on localhost
Angular ng build transpile TypeScript outside of app folders?
Web stress testing of AngularJS SPA ASP.NET MVC application in Visual Studio
AngularJS ng-style with a conditional expression
How to block +,-,e in input type Number?
How to change width of a Sidenav in Angular Material Design?
How to make a JSON formatter with JS and HTML?
How can I clear previous toastr before showing the new one and set a timeout between them?
If you are not using a .(dot) in your AngularJS models you are doing it wrong?
ionic framework on transition of page or navigation displaying black screen
Hybrid angularjs/angular app broken due to angular 13+ removal of deployURL
Appium Inspector - Call to 'switchContext' failed
Already included the file name.....?
Getting ERROR Error: Uncaught (in promise): NullInjectorError: No provider for eF, when I hit the route whose component uses the service
How to avoid loading data from server every time doing sorting/paging with ngtable
How to do paging in Angular manually
How to best perform paging and sorting from multiple sources in JavaScript mashup
Pagination Navigation Not Displaying All Pages in React Component
angularjs code changes do not show up after browser refresh
SurveyJs with QuillJS and custom module counter
How to display video or image in single tag?
Application Structure API Consumed by Mobile & Web (React, Angular, etc)
Angular Form Validation $invalid not working