Saturday, February 5, 2011

How does Google's javascript API get around the cross-domain security in AJAX

How does Google's API make cross-domain requests back to Google, when it's on your website?

From stackoverflow Arron

  • AFAIK they use IFRAMEs.

    Ramesh : I Agree with you. Google should be using something similar to this, as they do a Post to their Calendar service using the Javascript library which is not possible in JSONp. +1
    From Ben Stiglitz

  • <script> tags work cross-domain. See also: JSONP

    From Shog9

  • They get around it by dynamically injecting script tags into the head of the document. The javascript that is sent down via this injection has a callback function in it that tells the script running in the page that it has loaded and the payload (data).

    The script can then remove the dynamically injected script tag and continue.

    From Ryan Doherty

  • Another possibility is to use the window.name transport as described for the dojo framework here

    From Burke
Posted by Ku XI at 9:59 AM

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)