At work, I’ve been building a a tool that does a bunch of JavaScript interaction with REST services. It should be able to use GET, POST, PUT and DELETE and be able to send custom headers.
No big deal, right? Well, the service isn’t running on the same host as the client is served from. While I could change that, I don’t want to for various reasons.
I’ve surveyed my options and none are ideal.
| method | cross-domain requests | browser compatibility | HTTP verbs | custom headers | synchronous calls |
|---|---|---|---|---|---|
| XmlHttpRequest | no | pretty much all | all | yes | yes |
| XmlHttpRequest + CORS/XDomainRequest | yes | Firefox 3.5+, Safari 4+, IE 8+, and Chrome | all | yes | yes |
| client-side flash proxy | yes | pretty much all | GET, POST | some | yes |
| jsonp | yes | pretty much all | GET | no | no |
CORS seems like the ideal solution if it was available in all browsers.
If the client flash proxy wasn’t limited to GET and POST and didn’t require crossdomain files all over the place, then maybe I would have gone with that.
Instead, I decided on jsonp, with a servlet filter that emulates other HTTP verbs, Content-Type and request body. At least this way my REST service doesn’t have to change. I’ve only built an adapter for JavaScript’s silly limitations.
It’s enough to make me want throw up my hands and start writing Objective-C.