views:

44

answers:

2

I'm making html widget for websites. Let's say, it will display current stock indexes.
In short, arbitrary website owner takes code snippet from me and includes it on his webpage http://website.com/index.html. When arbitrary user opens http://website.com/index.html, my code sends request to my server (provider.com), which performs necessary operations and returns information to user's browser. When response has arrived, user will see relevant stock value on http://website.com/index.html.

In index.html service could be called like this

<script type="text/javascript" src="provider.com/service.js"> </script>
<div id="target_area"></div>
<script type="text/javascript">
    service.show("target_area", options);
</script>

Now, the problem is in the same origin policy: I can't just send ajax request from website.com to provided.com and return html to embed in client's webpage. I see several solutions, which I list below, but none quite satisfy me. I wonder, if you could suggest something, especially if you had some relevant experience.

1) iframe, plain and simple. Disadvantage: must have fixed dimensions + stupid scroll bars appearing in some browsers. Can be fixed with javascript, but all this browser-specific tinkering doesn't sound good to me.

2) JSONP. Problem: can't return whole chunk of html, must return only data. Then, on browser side, I'll have to use javascript to embed data into html snippet placed statically in index.html. Doesn't sound nice, because data format is not very simple and may even change later.

3) Use hidden iframe to do ajax requests. A bit tricky, but sounds like a way to go.

Well, that's my thoughts on the subject. Are there any better ways?
BTW, I tried to check some existing widgets too, but didn't find much useful information.

All domain names used in this text are fictional and any resemblance is purely coincidental :)

update Works now, as SLaks suggested! If anyone's interested in details, response html has to be post-processed like this (ruby)

body = body.gsub '"', '\\"'
body = body.gsub /\n/, '\\n';
body = body.gsub '/', '\\/';
body = params[:callback] + '("' + body + '");';

After that, you can use jquery with "dataType: 'jsonp'" option.

+1  A: 

You can use JSONP to send a string containing raw HTML.

JSONP is the best option here.

SLaks
You mean, escape html and return it as a string constant? Sounds like a good idea, although adding such kind of post-processing on server could be tricky (I'm using ruby on rails, but in java which I know it's not trivial too). Anyway, I'll give it a try!
Nikita Rybak
Your environment should have a JSON encoder.
SLaks
Indeed, but it assumes that I return json, and not html. Encoding it all is kinda tricky (replacing quotes, line breaks, etc), but I'm on my way.
Nikita Rybak
You can pass an ordinary string containing HTML to the JSON encoder, and it will encode the string for you.
SLaks
+1  A: 

The way I have solved that problem in the past is by running a very lightweight proxy on website.com that will take the AJAX request from the client, pass it on to provider.com, and send back the results that come back from provider.com. I'm not sure if that's an acceptable solution in your environment.

One advantage of this solution is that you can add value in the proxy, like caching answers for a while, encrypting and/or compressing the communication with provider.com, authentication and authorization, etc.

dj_segfault
Thanks, but it imposes unreasonable requirements to server type on website.com, over which I have no control. But +1 for the attempt anyway :)
Nikita Rybak