tags:

views:

68

answers:

2
+3  Q: 

Same Origin Policy - AJAX & using Public APIs

I know if on my own webpage, if my user is on : http://www.example.com/form.php

and I make an ajax request from that page to : http://example.com/responder.php

It will fail because of the Same origin policy (subdomain is different).

What I am trying to understand is, how is it that AJAX requests can pull data from API's like flickr when the request and server are obviously different.

Edit :

eg: Why does this code work?

$.getJSON('http://api.flickr.com/services/rest/?&;method=flickr...'

(Referred this Community Wiki) Is it using Cross Origin Resource Sharing?

Thanks!

+4  A: 

There are few known methods to work around the Same Origin Policy. One popular technique is to use "Script Tag Injection" such as in JSONP. Since the <script> tag is not constrained by the Same Origin Policy, a script on a third-party domain can provide executable code that interacts with a provided callback function. You may want to check out the "Tips and Tricks" section in the following article for further reading on the topic:

You may also be interested in checking out the following Stack Overflow post for further reading on other techniques to work around the Same Origin Policy:

UPDATE: Further the updated question:

Quoting from the jQuery documentation on $.getJSON():

If the URL includes the string "callback=?" in the URL, the request is treated as JSONP instead.

Daniel Vassallo  2010-08-21 07:39:16
It isn't so much that the element is exempt from the Same Origin Policy as that JavaScript has no access to the raw data returned. It depends on the third party providing executable code that interacts with a function you provide.
David Dorward  2010-08-21 07:48:52
@David: Thanks. Updated my answer to be more accurate :)
Daniel Vassallo  2010-08-21 08:14:41
aha! damn, jQuery doing all these tricks handles it in the background! :) NEAT! Love jQuery --- Ref : http://insideria.com/2009/03/what-in-the-heck-is-jsonp-and.html
DMin  2010-08-21 08:26:48
A: 

Just redirect from your server to that service on another port / path.

fluffels  2010-08-21 07:39:31

related questions

What JavaScript patterns do you use most?
Javascript events
What style do you use for creating an "class" in JavaScript?
Graphing JavaScript Library
What's the difference in closure style
Getting the text from a drop-down box
How to specify javascript to run when ModalPopupExtender is shown
Length of Javascript Associative Array
How Do I Post and then redirect to an external URL from ASP.Net?
How to set up a CSS switcher in ASP.NET
Wrapping lists into columns
Javascript keyboard events primer? (or rather: help me with my custom dropdown)
Http Auth in a Firefox 3 bookmarklet
Best Debugging Tools for JavaScript/xulrunner Development
How can I turn a string of HTML into a DOM object in a Firefox extension?
Call ASP.NET Function From Javascript?
Javascript troubleshooting tools in IE
MAC addresses in JavaScript
Capturing TAB key in text box
CSS Background Color in Javascript
How can I make the browser see CSS and Javascript changes?
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP .Net Custom Client-Side Validation
What JavaScript library would you choose for a new project and why?
Detecting font in JavaScript