SitePoint Sponsor

User Tag List

Results 1 to 5 of 5
  1. #1
    SitePoint Enthusiast
    Join Date
    Sep 2008
    Posts
    48
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    How do Twitter make their API cross-domain accessible?

    Hi there,

    I can understand how Twitter make their JSON feed available cross-domain as it returns JSON-P to call a function of the users choice.

    But what about the RSS feed, how is it possible for developers to grab that feed data without any security implications?

    Kind regards,

    M.

  2. #2
    . shoooo... silver trophy logic_earth's Avatar
    Join Date
    Oct 2005
    Location
    CA
    Posts
    9,013
    Mentioned
    8 Post(s)
    Tagged
    0 Thread(s)
    The same way your browser downloads the HTML pages. With HTTP request.
    Logic without the fatal effects.
    All code snippets are licensed under WTFPL.


  3. #3
    SitePoint Enthusiast
    Join Date
    Sep 2008
    Posts
    48
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    so when does cross-domain security become an issue?

    I was of the understanding that if domain A made a request via JavaScript's XHR method for any resource under domain B then the browser would consider it a cross-domain request and thus a security threat?

  4. #4
    SitePoint Wizard
    Join Date
    Mar 2008
    Posts
    1,149
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You can't access RSS feeds like you access JSON-P.

  5. #5
    SitePoint Enthusiast
    Join Date
    Sep 2008
    Posts
    48
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Sorry, seems I was mistaken. I thought i had seen an example where a developer had used AJAX to request the RSS from Twitter but wasn't using a proxy (seems they were using a proxy to acheive this).

    My next question is how can this be achieved without a proxy, or more specifically how can this be acheived with iFrames?

    One hack most people attempt is setting
    Code JavaScript:
    document.domain
    inside the document of the iFrame loading the external resource, but this won't work when loading an XML file into the iFrame as you can't run JavaScript within XML but also because on a site like Twitter which I have no access to I obviously can't set the document.domain because they just wont match.

    I've heard that another solution is to create a sub domain and load that into the iFrame and then through DNS repoint the sub domain to the 3rd party site you wish to use, but surely that wouldn't work without the cooperation of the 3rd party site? I don't know enough about DNS settings so maybe someone can elaborate on this for me please and give an explanation/example on how to set-up the DNS of a subdomain to achieve this.

    Thanks again for all your responses so far.

    Kind regards,
    M.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •