HTTP proxy for AJAX applications
Using Asynchronous JavaScript and XML (AJAX) can increase the responsiveness and usability of web applications by loading data or markup fragments from a server using asynchronous requests, that are processed background, and thus do not interfere with the web page currently displayed in the browser.With AJAX, the Web application exchanges only small amounts of data between the server and the client, and refreshes small parts of the markup only. AJAX is also useful for developing portlets and mashups that aggregate content from various different sources into a uniform user experience.
For example, this can be RSS or Atom feeds or other data retrieved from external REST services.
To prevent cross site scripting in such web applications, browsers introduced the so called same-origin policy. This policy prevents client side scripts, in particular JavaScript, from loading content from an origis that has a different protocol, domain name, or port.
To overcome this restriction, some browser vendors offer solutions that are based on signed scripts. However, using a signed script does not mean that a script can be trusted. Another disadvantage of these browser specific solutions is that they rely on the user to configure the browser accordingly.
The solution that IBM WebSphere Portal offers is based on a server side HTTP proxy, the HTTP Proxy for AJAX Applications (aka AJAX Proxy). The underlying security model allows administrators to restrict access to trusted origins in a very flexible way. The AJAX Proxy can be used for developing themes, skins, static pages, or portlets. The following sections explain how to use and configure the AJAX proxy.
- AJAX proxy configuration
- The programming model for using the AJAX proxy
- XML schema of the proxy-config.xml file
Parent: Web 2.0 user interface features