> In any case, ASS is a giant hack, and one that is avoidable by using
> some other way to do the cross site stuff. This is a hot topic in
> AJAX land at the moment, and I'm sure another solution will be
> forthcoming. It should have never made it into the
> already-at-Draft-status BOSH XEPs and should be moved to a historic or
> experimental xep.

I don't disagree. Like I said, not trying to be an apologist for it; just explaining what I think of it =]

> I'm pretty sure the other cross site solutions will not be BOSH
> specific, and so will not need a XEP of their own, unless we do an
> informational one.

I think it's important that it be based on something that people can agree on rather than everyone rolling their own slightly different solution. Experimental / informal XEP if necessary.

> Personally, I don't see the single domain limitation as being that
> bad. There is nothing preventing you from proxying Punjab behind
> nginx and connecting to any jabber server you want that way. I know
> Blaine had a use case or two that required a separate domain, but this
> seems limited to extreme cases like Twitter scalability levels. Even
> then I'm not sure it is absolutely necessary, or just a big
> convenience.

It isn't even an extreme case that calls for it. Say you have $9/mo hosting and you don't know anything about servers (or don't have sufficient privileges), but you want to put Social Widget X on your page. With XSS, you can consume a completely hosted solution; <script src="http://socialwidgetx.com/embed.js" ...> which then makes a 'connection' using BOSH or Protocol Y to http://bosh.socialwidgetx.com/. How it accomplishes this I don't mind, as we can agree that this is a legit case and solve it =]

> Note that flash has similar limitations as well. I talked with
> Fritzy about Seesmic's AS3 XMPP implementation, and that limits you to
> a local jabber server IIRC. I suppose you could get around that with
> a jabber proxy too, which is essentially all BOSH is.

Flash can overcome the same-origin policy with crossdomain.xml. I've read that browsers may be adopting some mechanisms in the future that will be more friendly to the use case that I'm thinking of such as cross window messaging, x-domain policy headers, and others. But for the time being browsers don't commonly support such things and so some browser-specific workaround is needed. Specifying or using something Bayeux-like that negotiates transport mechanisms would allow future expandability as well; the next few years of browser features are going to be interesting and fast changing.

Best,
Harlan
