484 Part III: Advanced Topics
However, there are ways around this limitation as shown in the diagram here and
summarized in Table 10-1.Approach Description Comments
Proxy Calls a script on the server of
delivery (within same origin) that
calls remote Web Service on your
behalf and passes the result back.Avoids same origin issue.
Puts burden on your server to
forward requests.
May provide a proxy that can be
exploited.
URL forwarding A variation of the previous method.
Calls a URL on the server (within
same origin), which acts as a
proxy redirect that pipes data
transparently to a remote resource
and back. Usually performed
using a server extension like
mod_rewrite.Avoids same origin issue.
Puts burden on your server to
forward requests.
May provide a proxy that can be
exploited.Script Tag Workaround Makes call to remote service using
a <script> tag that returns a
wrapped JSON response invoking a
function in the hosting page.Not restricted by same origin.
Script transport not as flexible as
XHR.
Script responses and JSON
responses shown to have some
security concerns. Which might be
mitigated with browser changes or
the iframe solution discussed in
Chapter 7.TABLE 10-1 Summary of Web Service via Ajax Approaches