AJAX proxy support

AJAX proxy support

To facilitate information access from different domains, the Portal tools offers AJAX proxy support.
Client-side JavaScript-based Web applications often need to access information or services from different domains. Access requests of this type are typical for Java-based programs due to the Java Virtual Machine's built-in security management. Browsers prevent malicious code from being downloaded with the JavaScript and run on the local machine. Most AJAX (Asynchronous JavaScript and XML) Web applications only need to access information from trusted domains, such as news feeds and weather services.
You can use AJAX proxy to declare a trusted list of sites (including specific protocols) and to provide access to them. This proxy is a server-side program that is always deployed to the same domain as the requesting AJAX Web applications. The program facilitates information access by acting as a proxy between the AJAX Web application and the target site or service.
AJAX can increase the responsiveness and usability of your Web applications. The AJAX proxy is included in the Web 2.0 package. You can use the proxy in dynamic Web applications as well as in portlet applications. To enable AJAX support for your project when you create a new project, click Show advanced settings. On the Project Facets page select the Web 2.0 check box.
AJAX allows Web pages to load data or markup fragments from a server using asynchronous requests that are processed in the background and thus do not interfere with the Web page that is currently displayed in the browser. When you use AJAX, your Web application exchanges only small amounts of data between the server and the client and consequently refreshes small parts of the markup only. Therefore AJAX is also useful for developing portlets and for aggregating content from various different sources into a uniform user experience. Content can come from RSS or Atom feeds or other data retrieved from external REST services.
To prevent cross-site scripting in such Web applications, browsers introduced the same-origin policy. This policy prevents client-side scripts, in particular JavaScript, from loading content from an origin that has a different protocol, domain name, or port. To overcome this restriction, some browser vendors offer solutions that are based on signed scripts. However, using a signed script does not imply that a script can be trusted any better as to of what it does. Another disadvantage of these browser-specific solutions is that they rely on the end user to configure the browser accordingly.
The Portal tools offer a server-side HTTP proxy solution, the HTTP proxy for AJAX applications. The underlying security model allows administrators to restrict access to trusted origins in a very flexible way. The AJAX proxy can be used for developing themes, skins, static pages, or portlets.

Related tasks

Enabling AJAX proxy support for a portlet project
Enabling AJAX proxy support for a portlet project