Cross-domain XHR/AJAX : a possible workaround?

Question

I just had an idea to make cross-domain AJAX calls, because so far they really are a PITA to deal with. This is a solution I haven\'t seen exposed anywhere on the web, so it mig

Answer 1

This is workable but keep in mind that you're allowing your server to be told, by a client, what data to download. Depending on your implementation, it could be fairly harmless but it could easily bite you in the ass if it's not secured (perhaps limit it to very specific domains?).

For instance, someone could send multiple requests to your handler that returns, say, a Linux ISO or something illegal.