Java Reference
In-Depth Information
Clients and Servers
The web of computers known as the Internet can be separated into two parts: clients and
servers. A
client
, such as a web browser, will request a resource (usually a web page) from
a
server
, which processes the request and sends back a response to the client.
JavaScript was originally designed as a
client-side
scripting language, meaning that it ran
locally in the browser, adding dynamic features to the web page that was returned from the
server. Ajax means that JavaScript can be used to request resources from a server on behalf
of the client. The resources requested are usually JSON data or small fragments of text or
HTML rather than a whole web page.
Consequently, a server is required when requesting resources using Ajax. Typically this in-
volves using a
server-side
language such as PHP, Ruby, Node.js, or .NET to serve the data
response following an Ajax request (usually from a back-end database). To practice using
Ajax, you can either set up a local development server on your own computer, or request
the files from an external website that uses cross-origin resource sharing (CORS) in order to
avoid the same-origin policy that browsers enforce. All the examples in this chapter can be
run without having to set up a local development server, although it may be worth looking
into if you wish to do a lot of Ajax or server-side development.
Note: The Same-origin Policy and CORS
The
same-origin policy
in browsers stops any data being transferred from a
domain that is different from the page making the request. This policy is en-
forced by all modern browsers and is to stop any malicious JavaScript being
run from an external source. The problem is that the APIs of many websites
rely on data being transferred across domains.
Cross-origin resource sharing (CORS)
is a solution to this problem as it al-
lows resources to be requested from another website outside the original do-
main. The CORS standard works by using HTTP headers to indicate which
domains can receive data. A website can have the necessary information in its
headers to allow external sites access to its API data. Most modern browsers
support this method and respect the restrictions specified in the headers.
