Cookieless domains and XSS issues?
04-23-2011, 12:56 AM
Post: #1
Cookieless domains and XSS issues?
Our site is getting dinged pretty hard on "cookieless" domains. For example:

Home page is http://www.domain.com
We use the following CDN domains:
js.domain.com (javascripts)
css.domain.com (css)
graphics.domain.com (images, media, graphics, etc)
images.domain.com (static images associated with our customers)
video.domain.com (video files served up for our pages)

All of the CDN domains are Akamai, with a dedicated server in our data center for origin, except for the images and video domains, which have Akamai NetStorage as origin.

We set a cookie on domain.com (not http://www.domain.com), so obviously all of our CDN domains are "cookied". We have to set this cookie domain-wide, since we have multiple hostnames under domain.com (such as ww1.domain.com, ww2.domain.com) which are used for our A/B testing, etc, etc.

We are looking to move to a "cookieless" domain for the stuff that doesn't require a cookie. Obviously we can get quick wins by setting up css.domaincdn.com, graphics.domaincdn.com, etc.

The one I am concerned about is the js.domaincdn.com - will we run into any XSS issues? Or will this only occur if the javascripts require access to the domain.com cookies?
04-25-2011, 05:25 AM
Post: #2
RE: Cookieless domains and XSS issues?
There should not be any cross-domain issues in moving the js to another domain.

AFAIK for cross-domain stuff, the browser is only concerned about the hostname of the page that the javascript is being run on, but not the hostname of the actual javascript files.... -- not entirely sure

cdnplanet.com: We help you select the right CDN
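
The behaviour discussed in this thread, as an added example that is not part of the original posts: a simplified model of RFC 6265 domain matching applied to the hostnames above. The cookie names and function names are constructed for illustration, and Path, Secure, SameSite and expiry are ignored.

```javascript
// Added example: simplified cookie-scope model, not a browser API.

// RFC 6265 section 5.1.3: a host matches a cookie's domain if the two are
// identical or the host ends with "." + domain. A host-only cookie (set
// without a Domain attribute) matches only the exact host that set it.
function cookieApplies(host, cookie) {
  const h = host.toLowerCase();
  const d = cookie.domain.toLowerCase().replace(/^\./, "");
  if (cookie.hostOnly) return h === d;
  return h === d || h.endsWith("." + d);
}

// Names of the cookies a browser would attach to a request for `host`.
function cookiesSentTo(host, jar) {
  return jar.filter(c => cookieApplies(host, c)).map(c => c.name);
}

// Names of the cookies visible through document.cookie to a script.
// scriptSrcHost is deliberately unused: a <script src> file executes in the
// origin of the page that included it, wherever the file was fetched from.
function cookiesReadableByScript(pageHost, scriptSrcHost, jar) {
  return jar
    .filter(c => !c.httpOnly && cookieApplies(pageHost, c))
    .map(c => c.name);
}

// Constructed sample jar: two domain-wide cookies on domain.com (one of them
// HttpOnly) and one host-only cookie on www.domain.com.
const jar = [
  { name: "site_pref",  domain: "domain.com",     hostOnly: false, httpOnly: false },
  { name: "session_id", domain: "domain.com",     hostOnly: false, httpOnly: true  },
  { name: "www_only",   domain: "www.domain.com", hostOnly: true,  httpOnly: false },
];

// Per-host view of which cookies travel with each request.
function report(hosts, cookieJar) {
  return Object.fromEntries(hosts.map(h => [h, cookiesSentTo(h, cookieJar)]));
}

console.log(report(["www.domain.com", "js.domain.com", "js.domaincdn.com"], jar));
console.log(cookiesReadableByScript("www.domain.com", "js.domaincdn.com", jar));
```

Requests to js.domaincdn.com carry no domain.com cookies, while a script fetched from that host and run in a www.domain.com page still sees every non-HttpOnly cookie scoped to the page.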