The XMLHttpRequest object should be very famous in the world of developers who are developing ajax applications, which is at the core of of today’s most exciting web applications. Client browsers who are hosting those web applications have a cross domain scripting restriction, which prevents the browser from communicating with any domain other than the domain that serves the browser page.

 Most of the web applications will consume the resources only within one domain, but what if it comes to the situation that the application need to consume the resources from multiple domains, such as calling a 3rd party web service to retrieve some data? Given the restrictions imposed by web browsers on network connections across domains, the solution for the above problem will be really tricky. So let me explain in detail the four ways of getting around the cross browser issues:

Application proxies

Write an application in your favorite programming language that sits on the server, responds to XMLHttpRequests from users, makes the web service call, and sends the data back to users.

Since the request from the client intially goes to the specified domain proxy, there is no violation of the cross domain restriction. Design the data of your XMLHttpRequest that contains all the information needed for the proxy to construct an HTTP request according to your client request, such as URL, mimeType, requestHeaders, etc. Once the proxy receives the request, it constructs an outgoing request to the final destination specified , and waits for the response. After the response is received, the proxy repackages the response and delivers it back to the client.

Apache proxy

Modify your Apache web server configuration so that XMLHttpRequests can be re-routed from your server to the target domain, which is similar as the above approach.

Use apache’s mod_rewrite or mod_proxy to pass requests from your server to the other server. In your client code you just make the request as if the requested resource or web service actually resides on your server. Apache then does its magic and constructs and sends the request to the other server and retrieve the response for you.

Script tag

We can get around the browser security problem by making our request directly inside a <script> tag. Use the HTML script tag to make a dynamic request to an application proxy (see the #1 above) that returns the data wrapped in JavaScript, which is the JSON - Javascript Object Notation format.

Also the application proxy mentioned above can be a 3rd party web service.If the web service you’re requesting can output JSON, the data you get back from the web service is evaluated as a JavaScript object when the page is loaded.

Browser-dependent settings

* For IE: On Microsoft’s IE 5 and 6, the crosss domain requests are possible if your browser security settings are low enough (most users will see a security warning and if they click ok the request will proceed anyway). On Firefox, Netscape, Safari, and the latest versions of Opera, the requests are denied.

* Firefox: Digitally sign your scripts. In Firefox, Netscape, and other Mozilla browsers, you can apply a digital signature to your script and the browser will consider those scripts as “trusted”. Then we can make XMLHttpRequests to any domain. However, other browsers do not support script signing, so this solution is of limited use.

Above all, we can pick up one of the solutions that best fits our needs and do the cross-browser hack easily.

1 Star2 Stars3 Stars4 Stars5 Stars (1 votes, average: 4 out of 5)
Loading ... Loading ...

You may also like following posts

  • No Related Post