18.05.2019 · EthicalHacking bWAPP CrossSiteScripting This is the demonstration of Cross-Site-Scripting attack on Ajax webpage with JSON response and for this demo, I'l. Enable cross-origin requests in ASP.NET Web API 2. 01/29/2019; 12 minutes to read 5; In this article. by Mike Wasson. Browser security prevents a web page from making AJAX requests to another domain. This restriction is called the same-origin policy, and prevents a malicious site from reading sensitive data from another site. However.