Cross Domain Server Requests / AJAX


With the enforcement of domain of origin security model for browsers, many innovative mash-ups are virtually impossible. There have been hackish ways of achieving this, but quelling cross-browser anomalies warrants for a library that could do this. While writing a bookmarklet, this is a normal situation as you are almost never on the page that fetches more data for the user.
This is where the YUI implementation of YAHOO.util.GET comes in very handy. Though the YUI GET is well documented, I dug into the source code and wanted to write about the internal workings of the file.
To start with, the GET library adds the external file as a script in the HTML document. As the GET request for the scripts always carry the cookies or authentication information of the domain where the script source reside, stateful sessions can be handled without any problems.
The tricky part comes in when the script tag's "onLoad" event is to be detected. For Firefox, the onload works just fine. In case of IE, the onreadystate event is used. Based on the state, the onSuccess handler is fired. In case of safari version < 3.0, there is no way to detect this, and a very interesting implementation is in place. Quoting the comments in the GET file,

script nodes with complete reliability in these browsers, script nodes either need to invoke a function in the window once they are loaded or the implementer needs to provide a well-known property that the utility can poll for.
For the CSS style sheets, Firefox does not throw for onload, and hence, the styles are applied as fetched from the server. There are a lot of quirks and hence, the utility is still in beta. There is also a provision to delete the script node to keep the size of the DOM in control.
One feature or service that I would like to see is a YAHOO proxy that fetches data from any URL, and sends it to the client using the GET utility as var extVariable = []. The extVariable should be configurable. At
the first inspection, this looks pretty safe to get all the data as escaped strings inside the page. The script inside the page could do the harder job of making sense of the data that is fetched, typically using something similar to the paraseJSON method.
Another enhancement could be a possibility to POST forms to the URL. Though it may be difficult to understand the response, an abstraction sure could help passing huge information to servers of different domains.
To summarize, the GET utility is a great step ahead for mash-ups and bookmarklets, and I hope it comes out of beta soon.