Chiming in on the “Cross Domain Ajax” issue

Ok… well… perhaps thats a bit hasty, thats like calling a problem that you’re having with an elephant a “tusk issue” when there are plenty of other good reasons to have a problem with an elephant… A tusk, does not, an elephant make. And I think therin lies a large part of the confusion! XMLHttpRequest doesnt allow cross domain communication. There. I’ve said it. The dirty little secret is out. AJAX has absolutely nothing to do with it. Saying this about AJAX is like calling the Mona Lisa a BRUSH. Thats absurd, right? No, its a very good analogy!

The time has come to give “AJAX” its due on the side of the browser. The issue should be addressed in this way: XMLHttpRequest should function as it always has. It was made, everyone knows it, its loved, and for 90% of all AJAX it is very chewy goodness! Another function needs to be implimented, and browsers need to handle it in much the same way that cookies and stored passwords are handled.

An alert pops up: Domain ABC.COM is trying to access to XZY.COM with your computer. We cannot ensure what data ABC.COM wants to obtain, how they might useit, or how safe this might be. Unless you TRUST ABC.COM, and this communication makes sense, you are advised NOT to allow this communication. Do you want to allow this? Checkbox: “always”, Button: “Allow”, Button: “Deny”

At which point the action is allowed or denied. Ifthe user checked always then the browser should add a one way trust to an internal ACL. ABC.COM is alowed to initiate and maintain communication with XYZ.COM.

XMLGlobalHttpRequest needs, and deserves to be its own beast. Whether the world really *needs* this technology, and whether it’s safe to give it to the world… Well… Historically technologists gives the world tools — which are inherently neutral — and they let the world decide to use them for better or for worse. I dont see any reason for the same natural darwinism not to be applied here.

The next releases of FF, IE, and Opera should have these features in them. Because browsers are in the market to give people what they want… and once this idea comes into use they will realize that they wanted it all along, just never knew it.

Dont tell me a dog fed on kibble doesnt want some real meat… oh yes… it does… but does it *know* it wants kibble? And does not knowing make the desire any less strong? Food (chuckle) for throught

Leave a Reply