Solutions
to allow XMLHttpRequest to talk to external services: "
Over on XML.com they published
Fixing AJAX: XmlHttpRequest Considered Harmful.
This article discusses a few ways to get around the security
constraints that we have to live with in the browsers theses days,
in particular, only being able to talk to your domain via XHR.
The article walks you through three potential solutions:
-
Application proxies. Write an application in
your favorite programming language that sits on your server,
responds to
XMLHttpRequest
s from users, makes the web
service call, and sends the data back to users.
-
Apache proxy. Adjust your Apache web server
configuration so that
XMLHttpRequest
s can be invisibly
re-routed from your server to the target web service domain.
-
Script tag hack with application proxy
(doesn't use
XMLHttpRequest
at all). Use the HTML
script
tag to make a request to an application proxy
(see #1 above) that returns your data wrapped in JavaScript. This
approach is also known as On-Demand
JavaScript.
I can't wait for Trusted Relationships within the
browser - server infrastructure.
With respect to Apache proxies, these things are priceless. I
recently talked about them in relation to Migrating data
centers with zero downtime.
What do you guys think about this general issue? Have you come
up with any interesting solutions? Any ideas on how we can keep
security, yet give us the freedom that we want?
(Via Ajaxian Blog.)
Well here is what I think (actually know):
Our Virtuoso Universal
Server has been sitting waiting to deliver this for years (for
the record see the Virtuoso 2000 Press
Release). Virtuoso can proxy for disparate data sources and
expose disparate data as Well-Formed XML using an array of
vocabularies (you experience this SQL-XML integration on the fly
every time you interact with various elements of my public blog).
Virtuoso has always been able to expose Application Logic as
SOAP and/or RESTful/RESTian style XML Web Services. This
blog's search page is a simple demo of this capability.
Virtuoso is basically a Junction Box / Aggregator / Proxy for
disparate Data, Applications, Services, and BPEL compliant business
processes. AJAX clients talk to this single multi-purpose server
which basically acts as a conduit to content/data, services, and
processes (which are composite services).
BTW - there is a lot more, but for now, thou shall have to seek
in order to find :-)