I am writing a REST service that will be accessed by web applications, desktop clients, mobile clients, etc. through the REST interface. The idea is to store objects such as notes, calendar events, etc., in a common hierarchy and provide HTTP methods for creating, updating and deleting documents, so this should be an ideal area for the REST interface.
My plan is to have a REST server somewhere and web applications on other servers using data, so I need to make a request for a cross-domain request, which is under special restrictions for security reasons (see, for example , this article ). I also want to do some real-time web material updates.
Now I am doing extensive research, studying what CORS is, and testing it (with tornadoes and jQuery.ajax), but by now I am getting a suspicion that the setting I am aiming for will simply appear soon. I only tried with Firefox (both 3.6 and 9), but I already have problems:
- HTTP authentication does not work with jQuery.ajax () (even if Credentials is set)
- Some browsers do not support CORS at all (says Wikipedia )
- at least one FF plugin ( RequestPolicy ) makes CORS unusable
I understand that CORS / AJAX is a possible solution, but there seem to be too many limitations for practical use. What do you people who have done this before thought: this is what I should do, and I hope that someone will solve these problems sometime in the future? Or is it too early for a cross-domain REST / AJAX approach? What alternative would you choose for the above plans? When I start a new project, I would like to make it clean, without JSONP, proxies or other workarounds, but if there wasn’t a way, I would do it anyway.
Thanks for any answers!
source share