Cross Domain Access and Web Services

Through my readings on trying to find out why my OpenSocial Metagenomics application hasn’t been working last week, I discovered something I probably should have known/seen when I first started. Security issues with Javascript are well known to anyone who has tried to code with it, but I never truly understood what issues they were until now. First of all, the application is attempting to make service calls to Rob Edward’s cellphone-based Real Time Metagenomics site to submit a fasta file in order to receive a JSON object. Now, the problem is that I’ve been using Javascript’s XMLHttpRequest object to make calls to the website from the application and this is causing a cross domain security problem in which the call doesn’t go through. This is a huge disconcern for web app developers because cross domain service calls are becoming more and more necessary with the increase in popularity of social networks. But it makes sense for a browser to implement this type of security because allowing anyone to freely open a web service connection could allow hackers and others to intercept the connection.

So, after reading other’s blogs on this issue I am finding that there currently isn’t a set custom in working around this problem but there are some workaround solutions available, such as getting Javascript to call a proxy program, having the desired server to call a proxy program, implementing a script tag hack, and more. I am hoping to soon find a solution that doesn’t come with any downfalls so I would not have to use any of these methods, but I am not counting these out just yet. These may be the only solution right now but I’ll keep looking for something that sounds more suitable for me.