HTML and CSS Reference
In-Depth Information
Last, we simply output the results to the DOM for you to see, but in reality, this information could be used for
other purposes more specifically tied to an ad server, such as for detecting a user's user agent, platform, app name,
and version number.
There are many ways to leverage a worker. Perhaps you want do some complicated math or a repeating
animation function; either way keep in mind that performance is ultimately everything, and providing a snappy
experience goes a long way in ads, as well as on the Web in general.
■
Web workers do not have access to the following Javascript objects: DOM, Window, Document,
and parent Objects.
Note
CORS
Have you ever introduced people from two different crowds to each other? Rather than have them chat for the first
time without you, you'd typically facilitate the introduction and conversation to ensure that the parties get to feel
comfortable with each other. The same principal applies with resource sharing on the Web. Cross-origin resource
sharing (CORS) defines how browsers (clients) and servers (hosts) can and should communicate with each other
when accessing resources from different origins using normal HTTP requests.
CORS allows both the browser and the server to comprehend enough information about each other to determine
if the request or response should happen or not. This means some configuration is needed at the server or host level
as well as at that of the client. CORS is a specification that permits open-access resource sharing across domain
requests without limitations of the “same-domain” policy, which authorizes scripts running on pages originating from
the same site to access each other's methods and properties.
Let's face it, we often need to request data from a resource that doesn't have the same domain as the one we are
requesting from. For this, there are workarounds, such as using JSON-P or a custom proxy service, but this takes more
operational time to develop—plus wouldn't it be nice to just request what you need, when you need it, and know that
the source can be trusted by the client and you're allowed to do so? To go back to the example above, since our two
friends met, they should feel comfortable enough to call upon each other in the future.
■
Note
CORS in Advertising
Let's say an ad hosted from DoubleClick wants to access some information on the site
www.nytimes.com
.
This type of
integrated publisher operation is typically a roadblock ad experience, one that would take a lot of time for both the
creative agency, publisher and ad server to develop and pull off. Since the publisher and ad server reside on different
domains, any scripts or access to scripts between the two traditionally wouldn't be allowed under the browser's same-
origin policy, covered earlier.
However, by supporting CORS on the server and client, the
www.nytimes.com
domain can add a few special
response headers that allow DoubleClick to access the site's data respectfully. This could mean the ad served by
DoubleClick, a third party ad server, could rely on scripts hosted by the
New York Times
or even parse data from its
site—essentially, becoming “whitelisted” for all future data transfers or just for the life of the campaign. Think back
to our
canvas
examples in Chapter 4, where we couldn't reference images from an external domain. Now with CORS,
we can! We can pull images from an external domain cleanly, without any errors thrown into the browser with CORS
enabled. This gets really interesting when ad servers become “whitelisted,” with certain data providers and publishers
allowing them to pull information from various trusted sources. Let's look at Listing 6-7, where we use CORS to
request data from one domain in order to display the response information.
