Maybe some of you can help me get a better understanding of the JavaScript same origin policy.
The same origin policy is defined as follows (http://en.wikipedia.org/wiki/Same_origin_policy):
In computing, the same origin policy is an important security concept for a number of browser-side programming languages, such as JavaScript. The policy permits scripts running on pages originating from the same site to access each other's methods and properties with no specific restrictions, but prevents access to most methods and properties across pages on different sites.
I have deployed a GWT application to the Google App Engine with url
http://metalsandstocks.appspot.com
Since GWT compiles all Java into JavaScript, this means my app is deployed as JavaScript. Since this is an Ajax application, I assumed that it would be required to abide by the same origin policy. The app uses Ajax to make calls to a different domain (http://finance.yahoo.com) in order to get real-time stock quotes for display to the user. The app works as described, yet it has a different domain than the one it calls for its updates. Does this app violate the same origin policy? Why or why not?
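
The origin comparison behind the quoted definition, as an added example that is not part of the original post: browsers compare the scheme, host and port of two URLs. The helper names `originOf` and `sameOrigin` are hypothetical, and every URL other than the two from the question is constructed for illustration.

```javascript
// Added illustration, not code from the post. originOf() and sameOrigin()
// are hypothetical helpers, not browser APIs.

// An origin is the (scheme, host, port) triple of a URL. The WHATWG URL
// parser lowercases scheme and host and drops default ports, so
// HTTP://HOST:80/ and http://host/ serialize to the same origin string.
function originOf(url) {
  return new URL(url).origin;
}

function sameOrigin(a, b) {
  const oa = originOf(a);
  const ob = originOf(b);
  // Schemes such as data: and file: have an opaque origin, serialized as
  // the string "null". Opaque origins never match anything, including
  // each other, so a plain string comparison would be wrong here.
  if (oa === "null" || ob === "null") return false;
  return oa === ob;
}

// The two URLs from the question.
const APP = "http://metalsandstocks.appspot.com";
const QUOTES = "http://finance.yahoo.com";

// Constructed comparison targets, each checked against the app's origin.
const CASES = [
  ["quote host from the question", QUOTES],
  ["same host, path and query differ", APP + "/quotes?symbol=X"],
  ["same host, explicit default port", "HTTP://MetalsAndStocks.appspot.com:80/"],
  ["same host, different scheme", "https://metalsandstocks.appspot.com/"],
  ["same host, different port", "http://metalsandstocks.appspot.com:8080/"],
  ["subdomain of the app host", "http://api.metalsandstocks.appspot.com/"],
  ["opaque origin (data: URL)", "data:text/plain,hello"],
];

// Returns [label, isSameOrigin] pairs for every case above.
function classify() {
  return CASES.map(([label, url]) => [label, sameOrigin(APP, url)]);
}

for (const [label, same] of classify()) {
  console.log((same ? "same-origin : " : "cross-origin: ") + label);
}
```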