StanScates/Tweet.js-Mod

jQuery AJAX JSON method does not work cross-domain on IE8

lupocreative opened this issue · 1 comments

lupocreative commented

Hi, I love your reworking of the Sea of Clouds twitter plugin. It has really been useful to me since Twitter's 1.0 API was retired. Thank you for all your work on this and making it available publicly.

I am experiencing a problem with cross-domain JSON on Internet Explorer 8. I have been able to fix the cross-domain limitations in most browsers by adding:
header('Access-Control-Allow-Origin: *');
to the top of the PHP file. And I have been able to fix it in IE9 by adding
$.support.cors = true;
to the top of my javascript.

However, IE8 still doesn't like it, the JSON request is failing. I have been reading lots about IE8 using XDomainRequest (XDR) instead of XMLHttpRequest, but it's way beyond my comprehension.

Some information on a workaround is here, specifying a XDR request for IE with a jQuery AJAX fallback: http://graphicmaniacs.com/note/getting-a-cross-domain-json-with-jquery-in-internet-explorer-8-and-later/

I wanted to let you know about this limitation, in case you wanted to work it into a later release of the plugin. Thanks again.

StanScates commented

Hey @lupocreative,
I really appreciate all your research and effort on this.

The thing about cross domain AJAX requests, in this case, is that they aren't necessarily good. While doing so offers the flexibility of being able to have a single endpoint serving many different clients or something similar to that, it comes with the drawback that someone could potentially point a script at your endpoint, perhaps eating away at your quota or some such. While I do find this scenario highly improbable as the effort needed to do so would be far greater than that of using their own endpoint, when I created this I chose to use JSON instead of JSONP, hoping to leverage the Same Origin Policy as somewhat of a security benefit.

This behavior can be changed, however, and if you understand and are OK with the potential implications of using an open endpoint or have further questions / want to speak more please contact me at my email address and we can decide where to go from there; I would be happy to potentially create a JSONP fork for you, if that's what the situation warrants, or help you along in any other way I can.

Sorry if any of this wasn't clear, feel free to shoot me an email or open another issue if you wish.
Your pal,
-Stan