Restricted Cross-Domain Calls

A security feature of modern Web browsers is the inability of JavaScript to communicate with a Web site other than its home site. For example, JavaScript at www.jadeworld.com can send messages to the server at www.jadeworld.com but not to the server at www.google.com, which has a different address.

This places severe restrictions on the use of JavaScript to invoke Web services. The service provider must reside on the same domain as the JavaScript; that is, the JADE service provider and the server on which the JavaScript is located must share the same domain name.

In a simple case, where the directory containing the jadehttp.dll file is the JADE binary directory c:\jade\bin and has the alias jade in Microsoft Internet Information Server (IIS), the JavaScript must reside in a subdirectory of the JADE binary directory.

The browser can access the JavaScript files using the following IIS address, as follows.

http://webserver/jade/Provider_testharness.html

Web browser security prevents direct access through the file URL, as follows.

file:///c:/Jade/bin/Provider_testharness.html

The accepted way to invoke cross-domain Web services from JavaScript is through your Web server; that is, arrange for the JADE Web service provider on your Web server to consume the external service (for example, the Google search service) and then create a provider in JADE to provide that service to your JavaScript.

The JavaScript performs a Web service call to the JADE service provided by your Web server, which acts as an intermediary and requests the data from Google.