cross domain webservice requests from client

  • Thread starter Florian Leitner
  • Start date


Florian Leitner


currently I am trying to figure a solution to the XSS security in
JavaScript when I want to use webservices:

My goal is to build a webpage that makes a SOAP call on the client side
to fetch data from another domain, and mix this data with annotations
our domain will provide. The important point is that the SOAP request to
the other domain has to come from the client, as the number of requests
per day is limited and the policy of their service does not allow the
distribution of their data by third parties, therefor the clients have
to fetch the data "by themselves". As the XmlHttpRequest can only be
used on the original domain, the best workaround I can imagine so far is
to add a Java Applet which will run the SOAP request and then access the
data using document.myApplet.getSOAPResultData()

Is this the only way to circumvent this problem? Could I somehow
propagate the request to the SOAP server without making the SOAP server
register my IP as the client IP, but the IP of my clients (because of
the daily limit; using a proxy would make the server register my IP
versus the daily limit, no?).

Any hints or links on how to call cross-domain webservices in JS are
welcome! Thanks.



Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question