0

From my understanding of what I have read thus far, the below piece of code hosted on a domain other than "jsonplaceholder.typicode.com" must fail, but it does not. Why? It is a AJAX Cross Domain request.

<!DOCTYPE html>
<html>
<body>

<div id="demo"><h2>Let AJAX change this text</h2></div>

<button type="button" onclick="loadDoc()">Change Content</button>

<script>
function loadDoc() {
  var xhttp = new XMLHttpRequest();
  xhttp.onreadystatechange = function() {
   if (xhttp.readyState == 4 && xhttp.status == 200) {
      document.getElementById("demo").innerHTML = xhttp.responseText;
   }
  };
  xhttp.open("GET", "http://jsonplaceholder.typicode.com/posts/1", true);
  xhttp.send();
}
</script>

</body>
</html>

But this works fine, without using any tricks like JSONP. Why?

abhayAndPoorvisDad
  • 3,477
  • 2
  • 15
  • 17
  • I did not get the answer I needed. Again, the above piece of code works when it should not. Request someone to answer why it succeeds. – abhayAndPoorvisDad Dec 15 '15 at 09:17
  • The duplicate question explains several ways to bypass the same origin policy. The site you reference uses one of those. (Questions which depend on a third party resource to understand them are not a good fit for Stackoverflow anyway). – Quentin Dec 15 '15 at 09:30
  • Thanks a lot for answering!! I will be more careful on what I test agaist. – abhayAndPoorvisDad Dec 15 '15 at 09:38

0 Answers0