How does Google's javascript API get around the cross-domain security in AJAX

views:

1928

answers:

+4 Q:

How does Google's javascript API get around the cross-domain security in AJAX

How does Google's API make cross-domain requests back to Google, when it's on your website?

+1 A:

AFAIK they use IFRAMEs.

Ben Stiglitz 2008-09-24 18:51:33

I Agree with you. Google should be using something similar to this, as they do a Post to their Calendar service using the Javascript library which is not possible in JSONp. +1

Ramesh 2009-09-11 12:40:52

+7 A:

<script> tags work cross-domain. See also: JSONP

Shog9 2008-09-24 18:52:15

+5 A:

They get around it by dynamically injecting script tags into the head of the document. The javascript that is sent down via this injection has a callback function in it that tells the script running in the page that it has loaded and the payload (data).

The script can then remove the dynamically injected script tag and continue.

Ryan Doherty 2008-09-24 18:54:22

Another possibility is to use the window.name transport as described for the dojo framework here

Burke 2008-09-25 03:22:43

ansaurus

tags:

views:

answers:

How does Google's javascript API get around the cross-domain security in AJAX

related questions