Appendix D. Other cross-origin techniques

This appendix covers alternatives to CORS. Before CORS, the techniques described here could be used to make cross-origin requests. While CORS is the standard for modern web applications, these alternative techniques are useful for making cross-origin requests from older browsers.

Each technique follows a similar pattern, as illustrated in figure D.1. The client wants to make a request to a server that lives at a different origin. In between there is a proxy mechanism that processes the request from the client and sends it to the server.

Figure D.1. All cross-origin techniques follow a similar pattern.

figure D.1 will reappear in each section that follows to help highlight how each technique operates.

D.1. JSONP

JSONP, which stands for JSON with padding, uses the browser’s own script tag to send cross-origin requests, as shown in figure D.2.

Figure D.2. JSONP uses a `<script>` tag to send cross-origin requests.

The following listing shows how to use JSONP to recreate the Flickr example from chapter 1.

Appendix D. Other cross-origin techniques

Figure D.1. All cross-origin techniques follow a similar pattern.

D.1. JSONP

Figure D.2. JSONP uses a `<script>` tag to send cross-origin requests.

Listing D.1. Using JSONP to access Flickr

D.2. Flash

D.3. postMessage and easyXDM

D.4. Server-side request

Appendix D. Other cross-origin techniques

Figure D.1. All cross-origin techniques follow a similar pattern.

D.1. JSONP

Figure D.2. JSONP uses a <script> tag to send cross-origin requests.

Listing D.1. Using JSONP to access Flickr

D.2. Flash

D.3. postMessage and easyXDM

D.4. Server-side request

Figure D.2. JSONP uses a `<script>` tag to send cross-origin requests.