Handling Cross-domain XMLHttpRequests
Premshree Pillai, Technical Yahoo!, Yahoo! Inc.
Date: Wednesday, July 26
Time: 10:45am - 11:30am
Location: Portland 255
Given the number of web services we can make use of -- Yahoo! Web services, Google, Flickr, etc. -- in Ajax apps (meaning those where we use XMLHttpRequest objects), we need a solution to overcome the XMLHttpRequest object's cross-domain limitation.
The typical solution used to overcome the cross-domain limitation is to use a server-side script-based proxy -- a local server script that internally makes HTTP requests to the external web service. Now this is a simple solution -- no doubt -- but this requires that you create a new proxy for every web service that you use. Since, essentially, the script-based proxy is just, well... a proxy, wouldn't it be better to have a simpler solution, one where you don't need to take the trouble of creating a script for each proxy?
This presentation will talk about other solutions that can be used to overcome XMLHttpRequest's cross-domain problems:
- Overriding browser security
- The "script" hack: adding a script node dynamically
- An Apache-based proxy