RSS
While playing with Yahoo! API for text extraction I faced the well known problem of using XMLHttpRequest to fetch data from another site (cross site scripting is, by default, denied). What I was simply trying to do were fetch a page from a site of choice and then “push” it as the “context argument” of the Yahoo! query. That way I could get the “relevant” words for that document (“And then? So?” you’d ask. “I don’t know” is my answer, just playing ).
I did resort with the natural way to shut down the security constraint of Netscape/Mozilla, adding userpref("signed.applets.codebaseprincipal_support", true); in my own Firefox pref.js, and then asking the user (being myself) to accept the security risk with netscape.security.PrivilegeManager.enablePrivilege('UniversalBrowserRead'); in my javascript code.
But there is another, hackish and cool way to prevent XMLHttpRequest to annoy people doing “the right thing” :) I just read this article about faking the xmlhttprequest security restrinction using apache mod_rewirte. Awesome, isn’t it? Practically, you need a RewriteRule in your local Apache (where the xhr page resides) that proxy [P]ass a fake “local request” to the remote host, and the pass again the response to your script.
Yes, you also need to enable the proxy support in Apache.
Read on that article for the pesky details :)