Cross-Domain requests and CORS

A HTTP request is said to be a cross-domain request when a resource makes that request to a different domain than it originated from. Web pages frequently make Cross-Domain requests to load images, scripts and CSS files. Cross-Domain requests that are fired from JavaScript have some restrictions according to the Same-Origin Policy. Normally browsers don't allow making such requests due to security reasons.

Frequently we face scenarios to consume third-party services, feeds etc. from JavaScript, one of the ways to achieve that is through JSONP calls. But the JSONP mechanism has its own limitations they are used to make only HTTP GET requests and they are vulnerable to security issues. Because of the desires of web community the W3C has come up with a new policy called Cross-Origin Resource Sharing or simply CORS that makes cross-domain requests so easy and natural. In this article I'm going to discuss about the basic things of CORS.

Continue Reading

Using HTTP Methods in REST

REST is the acronym of Representational State Transfer that represents a set of principles for creating distributed applications in web. It was first introduced and defined by Roy Fielding in the year 2000. Unlike the traditional RPC-style SOAP services that uses HTTP just as a transport layer, REST uses all the advantages of the HTTP like request verbs, URI, media-types, caching, security etc. Since REST services works like a normal website they are easy to create and consume compared to the RPC-style web services. Some of the famous REST services on the web are Amazon’s Simple Storage Service (S3), Sun Microsystem’s Cloud service, Atom Publishing Protocol etc.

In this article we will see about what are HTTP request methods and how we should use them for REST services.

Continue Reading