Chapter 4. Communicating with the server
This chapter covers
- Same-origin policy (SOP)
- Techniques to enable cross-domain messaging around the SOP
- Security implications associated with SOP workarounds
- Cross-origin resource sharing (CORS)
In previous chapters you learned how to distribute, load, and render a third-party JavaScript application on the publisher’s web page. You’re off to a great start, but so far your application only has access to the predefined data embedded in your JavaScript files. Unless you’re dealing with small, unchanging datasets, at some point you’ll need to make dynamic requests for data from your servers. And if your application is collecting data, either passively or directly via user input, you’ll likely want to push that data to your servers too.