Question

From what I understand, due to the "same origin policy" enforcement in current browsers, it's impossible to obtain data from an XMLHttpRequest sent to a different domain than the JavaScript's original domain.

I have close to zero experience regarding this matter, so I'm confused about web services being unusable from JavaScript. Does it mean that web applications with Ajax functionality can only interact with themselves without calling services provided by other domains? How do "mash-ups" work? I guess the services are consumed server-side, then the data is passed to the client via local Ajax calls. I don't know.

The only way I can imagine to achieve client-side consuming of services would be to retrieve a JavaScript file directly from the target web service's domain via a <script> tag, then use its API to interact with the remote domain.

Can anyone enlighten me?

Solution

In your question you mentioned the <script> trick. JSONP is based on that. It was formally proposed almost 3 years ago by Bob Ippolito. It doesn't give you the right to talk to the origin of the script — the origin is defined by your web page, not by what else it includes. It works only because the server wraps JSON in a callback function, which should be defined in your code, and will be executed by <script> when loaded. The most famous example of JSONP would be Yahoo services, including Flickr.

Another technique is to use window.name to transfer the information. This technique was detailed by Kris Zyp four months ago. Additionally, his article compares window.name transport with JSONP. I don't know any high-profile service provider that supports this new transport. Obviously it will change over time.

Of course, I should mention the upcoming Microsoft XDomainRequest. It is planned to ship with IE8, and no other vendors have committed to supporting it, but it was presented for inclusion in HTML 5. XDR is a useful piece of functionality, but I suspect it'll be changed several times before being accepted.

If you looked in the links you probably know by now that all these methods require a certain level of cooperation from a 3rd-party server. You cannot use random services at will. If you do have to use an uncooperative service, the only solution is to proxy it through your own server with all associated problems: the questionable legality, the reduced performance, the increased load on your server, the reduced number of connections between the user's browser and your server, and so on.

OTHER TIPS

Have a look at JSONP, which works around the same origin policy using pretty much the approach you are describing, just make sure you trust where you get it from...
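
The JSONP exchange both answers describe, as an added example that is not part of the original posts: the server wraps JSON in the callback the page named, and the page executes the response as script. The names `jsonpBody`, `loadAsScript`, `handlePhotos` and the URL in the comments are hypothetical, and `new Function` stands in for the browser's `<script>` element so the sketch runs outside a browser.

```javascript
// Server side: build the body for a request such as
//   GET https://api.example/photos?callback=handlePhotos   (hypothetical URL)
// The callback name is echoed into executable script, so only a plain
// identifier of bounded length is accepted.
const CALLBACK_RE = /^[A-Za-z_$][A-Za-z0-9_$]{0,63}$/;

function jsonpBody(callbackName, data) {
  if (typeof callbackName !== 'string' || !CALLBACK_RE.test(callbackName)) {
    throw new Error('invalid callback name');
  }
  // U+2028/U+2029 are legal in JSON strings but were line terminators in
  // older JavaScript engines, so they are escaped before the JSON is served
  // as script.
  const json = JSON.stringify(data)
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
  return `${callbackName}(${json});`;
}

// Client side: in a browser the page defines the callback, then appends
//   <script src="https://api.example/photos?callback=handlePhotos"></script>
// The response runs as ordinary script inside the including page, with that
// page's privileges. This is why the provider has to be trusted: whatever it
// returns is executed, not parsed.
function loadAsScript(body, callbackName, callbackFn) {
  // Stand-in for the <script> element: run the body with the callback in scope.
  return new Function(callbackName, body)(callbackFn);
}

function demo() {
  let received = null;
  // Constructed sample payload.
  const body = jsonpBody('handlePhotos', {
    photos: [{ id: 1, title: 'constructed sample' }],
  });
  loadAsScript(body, 'handlePhotos', (payload) => { received = payload; });
  return { body, received };
}

console.log(demo());
```

The server should also send the response with a JavaScript content type, since the browser treats it as script rather than as data.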

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow