If I try to make an AJAX request to an arbitrary URL, I will get this error:
// Cross-origin GET issued from a page on a different origin
var xhr = new XMLHttpRequest();
xhr.open("GET", "http://google.com", true);
xhr.send(null);
This is the same-origin policy error. However, you may wonder how various JS APIs, like Google Maps or the Facebook JS API, work: they are clearly pulling data from their servers from your page. There are various ways around the same-origin policy, which I wish to enumerate here.
Dynamic Script Tag / JSON callback
I want to call an API on remotesite.com, so I would add a script tag to the DOM with the API endpoint. For example: http://remotesite.com/api?query=get.users&token=asfxjee993
Then the arbitraryCallbackFunction on my page would be called and passed the JSON body, effectively doing an AJAX request to a remote server and circumventing the origin policy.
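The exchange described above, sketched from both sides as an added example (not code from the original post). The `callback` query parameter name, the function names and the sample payload are assumptions; the point to notice is that the response runs as script with the page's full privileges, so the server accepts only a plain identifier as the callback name.

```javascript
// Added example: the JSONP exchange from both sides. The "callback" query
// parameter name and the sample payload are assumptions, not from the page.

// Server side (remotesite.com): wrap the JSON body in a call to the function
// the caller named. The name is reflected into executable script, so accept
// only a plain identifier.
function jsonpResponse(callbackName, data) {
  if (!/^[A-Za-z_$][A-Za-z0-9_$]{0,63}$/.test(callbackName)) {
    throw new Error("invalid callback name");
  }
  return callbackName + "(" + JSON.stringify(data) + ");";
}

// Client side: register a one-shot global callback, then add a script tag
// whose src is the API endpoint. `doc` and `scope` are `document` and
// `window` in a browser; they are parameters so the flow can run elsewhere.
function jsonpRequest(doc, scope, endpoint, params, callbackName, onData) {
  const url = new URL(endpoint);
  for (const [key, value] of Object.entries(params)) {
    url.searchParams.set(key, value);
  }
  url.searchParams.set("callback", callbackName);

  const script = doc.createElement("script");
  scope[callbackName] = function (data) {
    delete scope[callbackName]; // remove the global once it has fired
    script.remove();            // and the tag that delivered it
    onData(data);
  };
  script.src = url.toString();
  // The browser fetches and executes the response with this page's privileges.
  doc.head.appendChild(script);
  return script.src;
}

// Browser usage:
// jsonpRequest(document, window, "http://remotesite.com/api",
//   { query: "get.users", token: "asfxjee993" },
//   "arbitraryCallbackFunction", function (users) { console.log(users); });
```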