Generally, when we want to show the contents of some web page in the same page, we go for ajax requests. If say, I request to a web page in different domain with AJAX, it is not allowed because of the Cross side scripting error. But why is it allowed to access via a server side page. For e.g. we can use CURL in php to access any site.? Why is this feature OK for server side scripting and NOT OK for Client Side Scripting?
Because a malicious script can open an external page without the premission of the user. For instance imagine an insecure textarea. If the contents of this textbox is shown to other users it might contain a script that connects to a remote host and sends sensitive user info to it. It all boils down to: server-side -> you are in control, client-side -> public, so prone to abuse.