Sometimes it's just silly...

I understand the reason and thinking for the fact that you can’t use JavaScript XMLHttpRequest to call scripts from remote servers…but the fact that all you have to do is use it to call a local script that in turn calls the remote server renders the whole thing a little moot, no?

In the case of Chrome extensions, you just need to make sure you’ve set the proper permissions for any XMLHttpRequest calls…which also makes me question why do we have to do it at all (those that are going to be malicious are going to find it very easy to get around these ‘requirements’ and those of us that aren’t just find them a tad annoying to be in the way in the first place).

Anyway - just a little 'security' gripe I’ve had for a while now.
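
The "local script that in turn calls the remote server" pattern, as an added example that is not code from the original post: the relayed request is made by the server, so it carries only what the script chooses to forward, and a relay that accepts any target acts as an open proxy. The names `planUpstreamRequest`, `ALLOWED_UPSTREAMS` and `DROP_HEADERS` and the host `api.example.com` are assumptions made for illustration.

```javascript
// Added example: decision logic for a same-origin relay script.
// All names and hosts below are hypothetical, constructed for illustration.
const ALLOWED_UPSTREAMS = new Set(["api.example.com"]); // constructed allowlist

// Headers tied to the browser's session with our own origin, or that the
// outbound HTTP client must set itself; the relay never forwards them.
const DROP_HEADERS = new Set(["cookie", "authorization", "host", "origin", "referer"]);

// Decide whether the relay may fetch targetParam and with which headers.
// Returns { ok: true, url, headers } or { ok: false, reason }.
function planUpstreamRequest(targetParam, incomingHeaders) {
  let target;
  try {
    target = new URL(targetParam); // throws on relative or malformed input
  } catch {
    return { ok: false, reason: "not an absolute URL" };
  }
  if (target.protocol !== "https:") {
    return { ok: false, reason: "https only" };
  }
  // Reject user:pass@host forms, which make the real host easy to misread.
  if (target.username || target.password) {
    return { ok: false, reason: "userinfo not allowed" };
  }
  // Compare the parsed hostname, never a substring of the raw string.
  if (!ALLOWED_UPSTREAMS.has(target.hostname)) {
    return { ok: false, reason: "host not allowlisted" };
  }

  // Forward only headers that are safe to relay, with lowercased names.
  const headers = {};
  for (const [name, value] of Object.entries(incomingHeaders)) {
    const lower = name.toLowerCase();
    if (!DROP_HEADERS.has(lower)) headers[lower] = value;
  }
  return { ok: true, url: target.href, headers };
}
```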

This is the personal blog of Kevin Marshall (a.k.a Falicon) where he often digs into side projects he's working on for and other random thoughts he's got on his mind.

Kevin has a day job as CTO of Veritonic and is spending nights & weekends hacking on Share Game Tape. You can also check out some of his open source code on GitHub or connect with him on Twitter @falicon or via email at kevin at

If you have comments, thoughts, or want to respond to something you see here I would encourage you to respond via a post on your own blog (and then let me know about the link via one of the routes mentioned above).