Geek asks and answers

Retrieve third-party JSON data and bypass SOP

The same origin policy prevents me from receiving the JSON data that I need from another website (with permission). I saw one person who worked on this with JsonpRequestBuilder, but I'm not sure if this would be the best solution for me. The only option that comes to my mind is to have a mediation servlet on my server.

What is my best choice? I have problems with both methods. With a mediocre servlet, I worry about the delay that will introduce itself. With JsonpRequestBuilder, it looks like I have to create a full JavascriptObject for each method that I will call from another site, although I only need to pull some of these methods out of the values.

+3
source share
3 answers

I do not use Java, but JSONP is what I usually implement when I need cross-domain chatter, and I'm sure that someone will make a Java library that deploys it. This requires a change on the site of the third part, but it is a very simple change.

EDIT: Looks like this is what this library does, sorry ... but still ... this is the way to go :)

+2
source

Check out the CORS specification . We use this to successfully bypass SOP using our own GWT devmode Jetty server.

+1
source

" JavaScriptObject", JavaScriptObject JavaScript Java-, , "" :

public native String getFoo() /*-{
    return this.nested[0].obj.foo;
}-*/;

Whether you will use JSONP (and JsonpRequestBuilder) or a “proxy servlet” actually depends only on the features of the “service” that you need to call: JSONP is JavaScript, not JSON, so the server should return a “JSONP response script” , or you won’t be able to use JsonpRequestBuilder (and likewise, you won’t (safely) use CORS or a proxy servlet if the server returns a "JSONP script" rather than application/json).

+1
source

More articles:


All Articles