Simon Willison's Weblog: crossdomainhttp://simonwillison.net/2009-11-26T12:52:16+00:00Simon WillisonflXHR2009-11-26T12:52:16+00:002009-11-26T12:52:16+00:00https://simonwillison.net/2009/Nov/26/flxhr/#atom-tag
<p><strong><a href="http://flxhr.flensed.com/">flXHR</a></strong></p>
I was looking for something like this recently, glad to see it exists. flXHR is a drop-in replacement for regular XMLHttpRequest which uses an invisible Flash shim to allow cross-domain calls to be made, taking advantage of the Flash crossdomain.xml security model.
<p>Tags: <a href="https://simonwillison.net/tags/ajax">ajax</a>, <a href="https://simonwillison.net/tags/crossdomain">crossdomain</a>, <a href="https://simonwillison.net/tags/flash">flash</a>, <a href="https://simonwillison.net/tags/flxhr">flxhr</a>, <a href="https://simonwillison.net/tags/javascript">javascript</a>, <a href="https://simonwillison.net/tags/swf">swf</a>, <a href="https://simonwillison.net/tags/xhr">xhr</a>, <a href="https://simonwillison.net/tags/xmlhttprequest">xmlhttprequest</a></p>
Firefox 3.5 for developers2009-06-30T18:08:34+00:002009-06-30T18:08:34+00:00https://simonwillison.net/2009/Jun/30/firefox/#atom-tag
<p><strong><a href="https://developer.mozilla.org/en/Firefox_3.5_for_developers">Firefox 3.5 for developers</a></strong></p>
It’s out today, and the feature list is huge. Highlights include HTML 5 drag ’n’ drop, audio and video elements, offline resources, downloadable fonts, text-shadow, CSS transforms with -moz-transform, localStorage, geolocation, web workers, trackpad swipe events, native JSON, cross-site HTTP requests, text API for canvas, defer attribute for the script element and TraceMonkey for better JS performance!
<p>Tags: <a href="https://simonwillison.net/tags/audio">audio</a>, <a href="https://simonwillison.net/tags/browsers">browsers</a>, <a href="https://simonwillison.net/tags/canvas">canvas</a>, <a href="https://simonwillison.net/tags/crossdomain">crossdomain</a>, <a href="https://simonwillison.net/tags/csstransforms">csstransforms</a>, <a href="https://simonwillison.net/tags/dragndrop">dragndrop</a>, <a href="https://simonwillison.net/tags/firefox">firefox</a>, <a href="https://simonwillison.net/tags/firefox35">firefox35</a>, <a href="https://simonwillison.net/tags/fonts">fonts</a>, <a href="https://simonwillison.net/tags/geolocation">geolocation</a>, <a href="https://simonwillison.net/tags/html5">html5</a>, <a href="https://simonwillison.net/tags/javascript">javascript</a>, <a href="https://simonwillison.net/tags/json">json</a>, <a href="https://simonwillison.net/tags/localstorage">localstorage</a>, <a href="https://simonwillison.net/tags/mozilla">mozilla</a>, <a href="https://simonwillison.net/tags/offlineresources">offlineresources</a>, <a href="https://simonwillison.net/tags/performance">performance</a>, <a href="https://simonwillison.net/tags/textshadow">textshadow</a>, <a href="https://simonwillison.net/tags/tracemonkey">tracemonkey</a>, <a href="https://simonwillison.net/tags/video">video</a>, <a href="https://simonwillison.net/tags/webworkers">webworkers</a></p>
The March of Access Control2008-11-19T08:40:34+00:002008-11-19T08:40:34+00:00https://simonwillison.net/2008/Nov/19/john/#atom-tag
<p><strong><a href="http://ejohn.org/blog/the-march-of-access-control/">The March of Access Control</a></strong></p>
The W3C Access Control specification is set to become a key technology in enabling secure cross-domain APIs within browsers, and since it addresses a legitimate security issue on the web I hope and expect it will be rolled out a lot faster than most other specs.
<p>Tags: <a href="https://simonwillison.net/tags/accesscontrol">accesscontrol</a>, <a href="https://simonwillison.net/tags/browsers">browsers</a>, <a href="https://simonwillison.net/tags/crossdomain">crossdomain</a>, <a href="https://simonwillison.net/tags/internet-explorer">internet-explorer</a>, <a href="https://simonwillison.net/tags/john-resig">john-resig</a>, <a href="https://simonwillison.net/tags/security">security</a></p>
CSSHttpRequest2008-10-23T18:25:43+00:002008-10-23T18:25:43+00:00https://simonwillison.net/2008/Oct/23/csshttprequest/#atom-tag
<p><strong><a href="http://nb.io/hacks/csshttprequest/">CSSHttpRequest</a></strong></p>
Devious cross-domain Ajax hack that uses CSS for transport (@import rules with data URIs, but it still works in IE). Similar to JSONP but safer, since JSONP can cause arbitrary JavaScript to execute.
<p><small></small>Via <a href="http://mike.teczno.com/snippets.html">Mike Migurski</a></small></p>
<p>Tags: <a href="https://simonwillison.net/tags/ajax">ajax</a>, <a href="https://simonwillison.net/tags/atimport">atimport</a>, <a href="https://simonwillison.net/tags/crossdomain">crossdomain</a>, <a href="https://simonwillison.net/tags/css">css</a>, <a href="https://simonwillison.net/tags/csshttprequest">csshttprequest</a>, <a href="https://simonwillison.net/tags/javascript">javascript</a>, <a href="https://simonwillison.net/tags/json">json</a>, <a href="https://simonwillison.net/tags/jsonp">jsonp</a></p>
window.name Transport2008-07-23T16:25:51+00:002008-07-23T16:25:51+00:00https://simonwillison.net/2008/Jul/23/sitepen/#atom-tag
<p><strong><a href="http://www.sitepen.com/blog/2008/07/22/windowname-transport/">window.name Transport</a></strong></p>
The cleverest use of the window.name messaging hack I’ve seen yet: Dojo now has dojox.io.windowName.send for safe, performant cross-domain messaging.
<p>Tags: <a href="https://simonwillison.net/tags/crossdomain">crossdomain</a>, <a href="https://simonwillison.net/tags/dojo">dojo</a>, <a href="https://simonwillison.net/tags/javascript">javascript</a>, <a href="https://simonwillison.net/tags/windowname">windowname</a></p>
xssinterface2008-03-05T00:08:12+00:002008-03-05T00:08:12+00:00https://simonwillison.net/2008/Mar/5/xssinterface/#atom-tag
<p><strong><a href="http://code.google.com/p/xssinterface/">xssinterface</a></strong></p>
Clever JavaScript library for implementing opt-in cross-domain messaging in JavaScript (allowing communication between pages and iframes on different domains). Uses HTML 5’s postMessage API if available, otherwise falls back on either Google Gears or a clever cookie hack.
<p><small></small>Via <a href="http://ajaxian.com/archives/xssinterface-cross-domain-access-using-postmessage-and-more">Ajaxian</a></small></p>
<p>Tags: <a href="https://simonwillison.net/tags/crossdomain">crossdomain</a>, <a href="https://simonwillison.net/tags/html5">html5</a>, <a href="https://simonwillison.net/tags/javascript">javascript</a>, <a href="https://simonwillison.net/tags/postmessage">postmessage</a>, <a href="https://simonwillison.net/tags/xssinterface">xssinterface</a></p>
Cross-Site XMLHttpRequest2008-01-09T23:57:00+00:002008-01-09T23:57:00+00:00https://simonwillison.net/2008/Jan/9/crosssite/#atom-tag
<p><strong><a href="http://developer.mozilla.org/en/docs/Cross-Site_XMLHttpRequest">Cross-Site XMLHttpRequest</a></strong></p>
“Firefox 3 implements the W3C Access Control working draft, which gives you the ability to do XMLHttpRequests to other web sites”—you can mark a document as available for cross-domain requests using either an Access-Control HTTP header or an XML processing instruction.
<p><small></small>Via <a href="http://ejohn.org/blog/cross-site-xmlhttprequest/">John Resig</a></small></p>
<p>Tags: <a href="https://simonwillison.net/tags/accesscontrol">accesscontrol</a>, <a href="https://simonwillison.net/tags/ajax">ajax</a>, <a href="https://simonwillison.net/tags/crossdomain">crossdomain</a>, <a href="https://simonwillison.net/tags/firefox">firefox</a>, <a href="https://simonwillison.net/tags/firefox3">firefox3</a>, <a href="https://simonwillison.net/tags/http">http</a>, <a href="https://simonwillison.net/tags/javascript">javascript</a>, <a href="https://simonwillison.net/tags/john-resig">john-resig</a>, <a href="https://simonwillison.net/tags/mozilla">mozilla</a>, <a href="https://simonwillison.net/tags/w3c">w3c</a>, <a href="https://simonwillison.net/tags/xml">xml</a>, <a href="https://simonwillison.net/tags/xmlhttprequest">xmlhttprequest</a></p>
hasAccount2007-09-28T09:10:56+00:002007-09-28T09:10:56+00:00https://simonwillison.net/2007/Sep/28/as/#atom-tag
<p><strong><a href="http://www.kryogenix.org/days/2007/09/28/hasaccount">hasAccount</a></strong></p>
Stuart proposes a light-weight API for letting any site know if a user has an account (and is signed in) on another service. I wouldn’t want to deploy this without being confident that my CSRF protection was in order.
<p>Tags: <a href="https://simonwillison.net/tags/accounts">accounts</a>, <a href="https://simonwillison.net/tags/api">api</a>, <a href="https://simonwillison.net/tags/crossdomain">crossdomain</a>, <a href="https://simonwillison.net/tags/csrf">csrf</a>, <a href="https://simonwillison.net/tags/json">json</a>, <a href="https://simonwillison.net/tags/stuart-langridge">stuart-langridge</a></p>
Google AJAX Feed API2007-04-18T17:29:52+00:002007-04-18T17:29:52+00:00https://simonwillison.net/2007/Apr/18/google/#atom-tag
<p><strong><a href="http://code.google.com/apis/ajaxfeeds/">Google AJAX Feed API</a></strong></p>
Simple cross-domain proxy to allow JavaScript to access any publically addressable syndication feed, with the same logic as Google Reader providing normalisation.
<p><small></small>Via <a href="http://ajaxian.com/archives/google-announces-new-ajax-feed-api">Ajaxian</a></small></p>
<p>Tags: <a href="https://simonwillison.net/tags/ajax">ajax</a>, <a href="https://simonwillison.net/tags/atom">atom</a>, <a href="https://simonwillison.net/tags/crossdomain">crossdomain</a>, <a href="https://simonwillison.net/tags/feed">feed</a>, <a href="https://simonwillison.net/tags/google">google</a>, <a href="https://simonwillison.net/tags/google-reader">google-reader</a>, <a href="https://simonwillison.net/tags/javascript">javascript</a>, <a href="https://simonwillison.net/tags/rss">rss</a>, <a href="https://simonwillison.net/tags/syndication">syndication</a></p>
XMLHttpRequests using an IFrame Proxy2006-08-01T17:40:02+00:002006-08-01T17:40:02+00:00https://simonwillison.net/2006/Aug/1/xmlhttprequests/#atom-tag
<p><strong><a href="http://dojotoolkit.org/~jburke/XHRIFrameProxy.html">XMLHttpRequests using an IFrame Proxy</a></strong></p>
Another scary hack abstracted away by Dojo.
<p><small></small>Via <a href="http://blog.dojotoolkit.org/2006/07/31/cross-domain-xmlhttprequests-using-an-iframe-proxy">dojo.foo</a></small></p>
<p>Tags: <a href="https://simonwillison.net/tags/ajax">ajax</a>, <a href="https://simonwillison.net/tags/crossdomain">crossdomain</a>, <a href="https://simonwillison.net/tags/dojo">dojo</a>, <a href="https://simonwillison.net/tags/javascript">javascript</a>, <a href="https://simonwillison.net/tags/xmlhttprequest">xmlhttprequest</a></p>