2

Why is it that I can submit a form to an iframe with a cross-domain address but can't send an XMLHTTPRequest to that address?

Improve this question

1 Answer 1

Reset to default
4

For the very simple reason that your code doesn't get to see the result of the iframe post. Your script will be denied access to the iframe's DOM.

And keep in mind this is really the browser's security model, not JavaScript's.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Well, yeah, but wouldn't it make sense to allow XMLHTTPRequest but deny access to the response?
There's no scenario where allowing the XmlHttpRequest would make sense - failing early is better than failing late. Posting to an iframe, however, has plenty of real scenarios (like actually showing the iframe). If you need to make a request and you don't care about the result, consider a hidden image tag.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.