tags:

views:

308

answers:

2
+2  Q: 

WCF REST with jQuery AJAX - removing/working around same origin policy

So I'm trying to create a C# WCF REST service that is called by jQuery. I've discovered that jQuery requires that AJAX calls are made under the same origin policy. I have a few questions for how I might proceed.

I am already aware of;
1. The hacky solution of JSONP with a server callback
2. The way too much server overhead of having a cross-domain proxy.
3. Using Flash in the browser to make the call and setting up crossdomain.xml at my WCF server root.

I'd rather not use these because;
1. I don't want to use JSON, or at least I don't want to be restricted to using it
2. I would like to separate the server that serves static pages from the one that serves application state.
3. Flash in this day and age is out of the question.

What I'm thinking: is there anything like Flash's crossdomain.xml file that works for jQuery? Is this "same-origin" policy a part of jQuery or is it a restriction in specific browsers? If it's just a part of jQuery, maybe I'll try digging in the code to work around it.

+1  A: 

Unfortunately, the same-origin policy is a restriction of browsers, not explicitly part of jQuery, so I doubt you're going to find a way around that.

I'd suggest your best bet is to stick with the JSONP solution. Yes, you could argue is "hacky", but it's a very widely accepted "hack" for exactly the reasons you're coming up against (i.e. its one of the only feasible options).

As for being restricted to using JSON, if you're in control of both ends of the service call, there's no reason you couldn't use a JSONP style usage pattern, but not actually use JSON... Your server response is just going to be passed to a JavaScript function on the client side, so there's no stopping you from returning, say, XML in a string & then having your callback parse & handle that (although, that's probably pushing you into genuinely "hacky" territory).

Alconja  2010-06-10 04:22:05
Fair enough. If its coded into the browser, I guess thats what I'm stuck with.
csauve  2010-06-10 13:17:33
see below, this is how to do it. no jsonp. works for xml data and json data
csauve  2010-09-09 22:51:22
+1  A: 

You could also consider spitting out an additional http header that will enable cross-domain requests on your web service.

This is described here:

http://www.w3.org/TR/cors/

https://developer.mozilla.org/en/HTTP_access_control

So if you add the following header to any content that your web-service delivers:

Access-Control-Allow-Origin: *

the browser will allow cross-domain requests to that web service. This is supported in most modern browsers (ff 3.5, IE 8, safari 4) and seems to work very nicely for jquery applications hosted at domain foo.com that make ajax calls to bar.com

shreddd  2010-07-16 05:32:44
I started using this recently, thanks!
csauve  2010-09-09 22:50:30

related questions

What JavaScript patterns do you use most?
Javascript events
What style do you use for creating an "class" in JavaScript?
Graphing JavaScript Library
What's the difference in closure style
Getting the text from a drop-down box
How to specify javascript to run when ModalPopupExtender is shown
Length of Javascript Associative Array
How Do I Post and then redirect to an external URL from ASP.Net?
How to set up a CSS switcher in ASP.NET
Wrapping lists into columns
Javascript keyboard events primer? (or rather: help me with my custom dropdown)
Http Auth in a Firefox 3 bookmarklet
Best Debugging Tools for JavaScript/xulrunner Development
How can I turn a string of HTML into a DOM object in a Firefox extension?
Call ASP.NET Function From Javascript?
Javascript troubleshooting tools in IE
MAC addresses in JavaScript
Capturing TAB key in text box
CSS Background Color in Javascript
How can I make the browser see CSS and Javascript changes?
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP .Net Custom Client-Side Validation
What JavaScript library would you choose for a new project and why?
Detecting font in JavaScript