The sad state of REST and Javascript in 2011

At work, I’ve been building a a tool that does a bunch of JavaScript interaction with REST services. It should be able to use GET, POST, PUT and DELETE and be able to send custom headers.

No big deal, right? Well, the service isn’t running on the same host as the client is served from. While I could change that, I don’t want to for various reasons.

I’ve surveyed my options and none are ideal.

method cross-domain requests browser compatibility HTTP verbs custom headers synchronous calls
XmlHttpRequest no pretty much all all yes yes
XmlHttpRequest + CORS/XDomainRequest yes Firefox 3.5+, Safari 4+, IE 8+, and Chrome all yes yes
client-side flash proxy yes pretty much all GET, POST some yes
jsonp yes pretty much all GET no no

CORS seems like the ideal solution if it was available in all browsers.
If the client flash proxy wasn’t limited to GET and POST and didn’t require crossdomain files all over the place, then maybe I would have gone with that.
Instead, I decided on jsonp, with a servlet filter that emulates other HTTP verbs, Content-Type and request body. At least this way my REST service doesn’t have to change. I’ve only built an adapter for JavaScript’s silly limitations.

It’s enough to make me want throw up my hands and start writing Objective-C.

Leave a Reply

Your email address will not be published. Required fields are marked *