I have a little personal application project underway, I have been tinkering with it for a while now in my CFT. I am not going to say much about what the application does yet, save to say, it is a kind of mashup of Flickr with itself …… it makes browsable relationships in Flickr content that I want, but Flickr does not offer. (When it is ready you will be the first to know ;-))
The application needs to make lots of recursive calls to the FlickrAPI to get the information it needs.
Because of the Browser Security Model, it is not usually possible to make XHR calls to a REST API on a different domain to the one the page came from, so the way people generally handle this, is to set up a Proxy Server on the same domain, to pass the calls through.
Setting up a proxy to call external WebServices, opens up a can of worms, it can be very tricky to secure. Other people could use your proxy for their own services, eventually it will lead to trouble.
To avoid having a proxy that would offer anything useful to another application, my first implementation worked by doing all of the heavy lifting on the server, then sending the results pre-formatted to the client, thus closing off access to the FlickrAPI from my server.
I began to tire of this approach, it is heavy and overly complicated, the results take too long to display, the server has to work hard.
I have been doing some work with Dojo 0.4.1 recently.
Dojo has something called ScriptSrcTransport …… it allows you to do a normal dojo.io.bind, but instead of using XHR, the call is made by injecting a script tag into the head of the document.
It sounds like an almighty hack, but IT JUST WORKS!!!
It is faster, users see results quicker, I do not need an XHR Proxy on my server.
Cross-Domain calls to Flickr’s REST API, getting results via JSONP.
This so rocks !!!!