Cross-domain requests are requests made for resources in a different domain. Such requests, when originated from JavaScript, have some restrictions imposed by the browser; these are called same-origin policy restrictions. Such a restriction stops the browser from making AJAX requests to domains that are different from the script's original source. The source match is done strictly based on a combination of protocol, host, and port.
For our own app, the calls to https://api.mongolab.com
are cross-domain invocations as our source code hosting is in a different domain (most probably, something like http://localhost/....
).
There are some workarounds and some standards that help relax/control cross-domain access. We will be exploring two of these techniques as they are the most commonly used ones. They are as follows:
- JSON with Padding (JSONP)
- Cross-Origin Resource Sharing (CORS)
A common way to circumvent this same-origin policy is to use the JSONP technique.