In my feverish realization yesterday of how much interesting technology is coming out of seemingly nowhere, and in my desire to integrate FOAF, hCard, and every other up-and-coming data format into my ContactCard script, there’s something I totally spaced out on.
There is no way I can tell the ContactCard to get all the contact information from all these external sites because that’s cross-site scripting and the browser’s not going to allow it (or the user’s going to have to click a little dialog to OK the transaction).
Which brings me to another realization: AJAX is neat, but it’s not so cool if you want to do anything with data gathered elsewhere.
It puts a pretty severe limit on what you can push into the client and what you can’t. There seems to be this huge push to get things back in the client (the classic “centralize/decentralize” seesaw), but we’ve got this [justifiable] security barrier that’s stopping truly rich client-side web-based applications from working.
It’s so limiting. There are a lot of cool services available out there - Amazon, Google, etc. - and I have to proxy the web service calls. Which means I can’t just stick the script on my site and call ‘er good.
So what now? Do I need to set up a web request proxy? Is it worth the bother?
Think about this - I can include script from other servers dynamically (through <script /> tags), I just can’t make separate requests for it. What if people stopped coming up with XML description formats and microformats and all of these other ways that I can’t access the data from the client and instead came up with data formats in JSON? (Yeah, I’m throwing away security on that one, but let’s ditch the practicality for just a second and think outside the box. You can shoot me down later.)
Maybe you could be allowed to make requests to external sources, but only ones that return a valid XML document. Limiting, but not quite as limiting as what we’ve got today.
Or is AJAX just overrated? By the time I get my safe JSON object proxy, will we be back to storing everything on the server because the client is too bloated?
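A sketch of the "safe JSON object proxy" idea, as an added example that is not code from the original post: the page asks its own server for the data, and the server only contacts allowlisted hosts and only relays bodies that parse as JSON, so nothing from the third party is ever executed as script. The host names, function names and sample bodies are assumptions made up for illustration, and `fetchText` is an injected stand-in for a real HTTP client.

```javascript
// Hypothetical allowlist: the only upstream hosts this proxy will contact.
const ALLOWED_HOSTS = new Set(["api.example.com", "feeds.example.org"]);
const MAX_CHARS = 64 * 1024; // refuse oversized upstream bodies

// Accept only https URLs on allowlisted hosts, so the proxy cannot be
// pointed at arbitrary or internal addresses by whoever calls it.
function checkUpstream(rawUrl) {
  let url;
  try { url = new URL(rawUrl); } catch { return null; }
  if (url.protocol !== "https:") return null;
  if (url.username || url.password) return null; // no embedded credentials
  return ALLOWED_HOSTS.has(url.hostname) ? url : null;
}

// Treat the upstream body as data: parse it with JSON.parse (never eval or a
// <script> include) and re-serialize, so only plain JSON reaches the page.
function toSafeJson(body) {
  if (typeof body !== "string" || body.length > MAX_CHARS) return null;
  let value;
  try { value = JSON.parse(body); } catch { return null; }
  if (value === null || typeof value !== "object") return null;
  return JSON.stringify(value);
}

// Proxy core. fetchText(url) -> Promise<string> is supplied by the caller
// (assumption), which keeps this logic runnable without a network.
async function proxyJson(rawUrl, fetchText) {
  const url = checkUpstream(rawUrl);
  if (!url) return { status: 403, body: '{"error":"upstream not allowed"}' };
  const safe = toSafeJson(await fetchText(url.href));
  if (safe === null) return { status: 502, body: '{"error":"upstream did not return JSON"}' };
  return { status: 200, type: "application/json", body: safe };
}

// Constructed sample upstream bodies: one valid JSON, one executable script.
const SAMPLE_OK = '{"fn":"Jane Doe","email":"jane@example.com"}';
const SAMPLE_SCRIPT = 'doAnything(); var card = {"fn":"Jane Doe"};';
```

Loaded through a `<script>` tag, the second sample body would run with the including page's privileges; through the proxy it is rejected with a 502 because it is not JSON.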