I had a project that extensively used cross-domain requests in the past,
and I will say I think the whole thing is a mess.
The solution I used, which worked flawlessly, came from a little gem known
as window.postMessage
The window.postMessage method is used to communicate between iframes loaded
from different domains. Normally cross-domain iframe traffic is disallowed,
but postMessage *is* allowed. The iframe acts like an interface to the
remote domain:
<Main Page> --- <Hidden iFrame>
| |
<Domain 1> <Domain 2>
You can relay any messages to domain2 via postMessage without *any* Access
Control Allow Origin headers. This method is much easier to debug, and will
actually give you better performance. Cross-domain POST requests are
actually two HTTP trips, because the browser first pre-authorizes your
request.
--
--
Job Board: http://jobs.nodejs.org/
Posting guidelines:
https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
You received this message because you are subscribed to the Google
Groups "nodejs" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/nodejs?hl=en?hl=en
---
You received this message because you are subscribed to the Google Groups
"nodejs" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
