You all know the same origin policy. And you have all probably heard about json-p. But there is a better way: CORS. With oauth, openid, and applications opening up JSON-based endpoints, your browser is the perfect place to combine data into new apps – less server side programming needed. CORS allows you to have your web apps talk directly and securely to any server, not just the origin. It is relatively simple to use, with a few tricks and gotchas. Let me show you how it works and how it can be setup (warning: some servers will be hurt).
- The bit between data and you - video presentation from Matthew Sheret
- The best interface is no interface - video presentation from Golden Krishna
- Barbara Bermes - A publisher's guide to 3rd party scripts