Lesson 2: Working with web services CHAPTER 8 381
This example allows anyone to access the web service, but that could open the site for XSS
attacks from malicious websites. It’s generally preferred to list the allowed sites explicitly, as
follows.
Access-Control-Allow-Origin: http://contoso.com:8080 http://www.adventure-works.com/Quick check
■■You have a web service that provides read-only access to data. You want to
expose this web service so it can be called from any other website. What header
would you return?Quick check answer
■■Use the following header.
Access-Control-Allow-Origin: *Lesson summary
■■Web services provide the ability to send data to the server and receive data back from
the server without requiring a repaint of the browser screen.
■■AJAX, which stands for Asynchronous JavaScript and XML, enables you to write
JavaScript that asynchronously calls the server and processes the result.
■■Piecing multiple web services together to create an application is called a mashup.
■■Representational State Transfer (REST) is implemented by manipulating web resources,
using a uniform set of stateless operations. REST attempts to use the standard opera-
tions of HTTP (or similar protocols) by mapping CRUD (create, retrieve, update, and
delete) operations to HTTP methods.
■■Arbitrary web services expose an arbitrary set of operations and are known as big web
services. They typically use specially formatted XML messages called SOAP (Simple
Object Access Protocol) messages. The primary object that makes an AJAX call is
XMLHttpRequest.
■■You can use jQuery to create browser-independent asynchronous calls to the server.
JQuery has a promise object you can use to register functions to execute when the
AJAX call is progressing, is successful, has failed, or has completed. A promise object is
returned from all AJAX calls.
■■Cross-origin resource sharing (CORS) can be implemented at the server to allow
browsers to make calls to the web service from other domains.