cross-domain
How to listen for child window closing?
If you store a reference to the child window when you call window.open(), then you can poll using setInterval() to see whether the window is still open using the window.closed property. The example below checks twice per second. var child = window.open(‘http://google.com’,”,’toolbar=0,status=0,width=626,height=436′); var timer = setInterval(checkChild, 500); function checkChild() { if (child.closed) { alert(“Child window … Read more
Purpose of the crossorigin attribute…?
The answer can be found in the specification. For img: The crossorigin attribute is a CORS settings attribute. Its purpose is to allow images from third-party sites that allow cross-origin access to be used with canvas. and for script: The crossorigin attribute is a CORS settings attribute. It controls, for scripts that are obtained from … Read more
How to send a correct authorization header for basic authentication
Per https://developer.mozilla.org/en-US/docs/Web/API/WindowBase64/Base64_encoding_and_decoding and http://en.wikipedia.org/wiki/Basic_access_authentication , here is how to do Basic auth with a header instead of putting the username and password in the URL. Note that this still doesn’t hide the username or password from anyone with access to the network or this JS code (e.g. a user executing it in a browser): $.ajax({ … Read more
EasyXDM: download files from 3rd party service
Unless the third-party server you are communicating specifically supports EasyXDM, it is not appropriate. EasyXDM requires that both sides be using it; it cannot be used to communicate with a service that isn’t using it.
Ajax Cross Domain Calls
Different port means different domain for the browser. So you will hit the cross-domain barrier. Like Stuart said, you could try using JSONP. If you are using jQuery, I’d recommend http://code.google.com/p/jquery-jsonp/ if you want it to be as painless as possible.
Secure and Flexible Cross-Domain Sessions
What you could do is create “cross-over” links between the sites to carry the session over. The simplest way is to pass the session id via the query string; e.g. http://whateverblammo.com/?sessid=XXYYZZ Before you start thinking that anyone can trap that information, think about how your cookies are transferred; assuming you’re not using SSL, there’s not … Read more
CORS – Cross-Domain AJAX Without JSONP By Allowing Origin On Server
There is no need to use JSONP if you enable CORS. Access-Control-Allow-Origin: http://www.example.com if this header is set in the response, then normal XmlHttpRequest will be able to access the response as if it is like same domain. Check whether this header is set correctly. I hope that this link will help you if you … Read more
No response from MediaWiki API using jQuery
You need to trigger JSONP behavior with $.getJSON() by adding &callback=? on the querystring, like this: $.getJSON(“http://en.wikipedia.org/w/api.php?action=query&prop=revisions&rvprop=content&titles=”+title+”&format=json&callback=?”, function(data) { doSomethingWith(data); }); You can test it here. Without using JSONP you’re hitting the same-origin policy which is blocking the XmlHttpRequest from getting any data back.
Why does a cross-origin HEAD request need a preflight check?
The primary intent of preflighting is to ensure that servers aren’t suddenly sent cross-origin browser-based requests that they could have never received before the CORS spec was implemented. Before the CORS spec, it was impossible to send any browser-based cross-origin requests other than GET or POST. The browser simply would not allow you to fire … Read more