Can cross-domain requests be resolved using CNAME records?

I know that there are so many cross-domain issues, but I could not find what I was looking for.

I would like to make a client-side AJAX request from a.com to b.com, which is obviously not allowed. I thought that if I created a CNAME → b.com record, the browser would allow this request, since it would mean that whoever owns the a.com domain explicitly wants to allow requests to b.com, but I still get Access-Control-Allow-Origin, which does not allow the request. Is this request impossible to accomplish with a CNAME?

Note. I have no control over b.com, so I can’t set the headers there.

+4
2 answers

No. (But I have a real explanation)

“Traffic rules” for “cross-domain requests” are usually governed by the “Same-Origin Policy” (see: W3C Comment, Wikipedia, Google Browser Security Guide, Mozilla Developers Network).

The W3C states that:

The origin is determined by the scheme, host, and port of the URL.

According to this definition, even requests from foo.com to bar.foo.com will be blocked.

In your example, you suggest creating a CNAME for bar.foo.com that points to bar.com (I assume you had a typo) to allow bar.com requests through bar.foo.com. But, as I said above, even requests coming from foo.com will be blocked on the client side from HTTP requests to bar.foo.com.

The Mozilla page has this specific example:

Mozilla considers two pages to have the same origin if the protocol, port (if specified), and host are the same for both pages. The following table provides examples of origin comparisons with the URL http://store.company.com/dir/page.html:

URL | Result | Cause
http://store.company.com/dir2/other.html | Success |
http://store.company.com/dir/inner/another.html | Success |
https://store.company.com/secure.html | Failure | Different protocol
http://store.company.com:81/dir/etc.html | Failure | Different port
http://news.company.com/dir/other.html | Failure | Different host

+9
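The comparison described in the answer above, written out as an added example (not code from the original answer): the origin is taken from the URL string alone, so DNS records never enter the check. `alias.a.com` is a hypothetical name standing in for a CNAME that points at b.com.

```javascript
// Added example: same-origin comparison on the (scheme, host, port) tuple.
// DNS (A/CNAME records) is never consulted; only the URL text matters.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

function originTuple(rawUrl) {
  const u = new URL(rawUrl);
  // URL.port is "" when the port is omitted or equals the scheme default,
  // so normalise it to an explicit number before comparing.
  const port = u.port || DEFAULT_PORTS[u.protocol] || "";
  return { scheme: u.protocol, host: u.hostname, port };
}

function compareOrigins(pageUrl, targetUrl) {
  const a = originTuple(pageUrl);
  const b = originTuple(targetUrl);
  if (a.scheme !== b.scheme) return { sameOrigin: false, cause: "Different protocol" };
  if (a.host !== b.host) return { sameOrigin: false, cause: "Different host" };
  if (a.port !== b.port) return { sameOrigin: false, cause: "Different port" };
  return { sameOrigin: true, cause: "" };
}

// The rows of the Mozilla table quoted above.
const page = "http://store.company.com/dir/page.html";
const tableRows = [
  "http://store.company.com/dir2/other.html",
  "http://store.company.com/dir/inner/another.html",
  "https://store.company.com/secure.html",
  "http://store.company.com:81/dir/etc.html",
  "http://news.company.com/dir/other.html",
];
for (const target of tableRows) {
  const r = compareOrigins(page, target);
  console.log(target, "|", r.sameOrigin ? "Success" : "Failure", "|", r.cause);
}

// Constructed case from the question: alias.a.com (hypothetical) is a CNAME
// for b.com. The host string differs from a.com, so it is still cross-origin.
const cnameCase = compareOrigins("http://a.com/index.html", "http://alias.a.com/api");
console.log("a.com -> alias.a.com:", cnameCase);
```

Because the alias request is still cross-origin, the response can only be read if the server answering it sends a matching Access-Control-Allow-Origin header.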

No.

I have never heard of CNAME as a workaround for this problem, so I think it is safe to assume that this is not a solution to your problem.

+1

Source: https://habr.com/ru/post/1387653/

