Cross Domain AJAX Calls and the RSS Reader

Just the other night I sat down and decided to write an RSS reader that could be easily embedded into a web page. My plan was to use AJAX to pull the news feed and display it. I had just finished up another AJAX test project the week before and so I decided to use the Prototype library. Everything seemed very simple, I completed the code to download the feed and display the top 5 or so headlines in a nice little box. I even had a nice little spinny while the feed was downloading.

Just when I thought I was finished I opened the reader in Firefox and that is when my fun first started. The reader wasn’t working! I checked my code, I checked the Firefox console and there were no errors. Thinking it might have been a problem with Prototype I reverted back to some AJAX code that I had used before and re-wrote the reader to use it. Same issue except this time I was getting a security error in the console. A quick Google revealed an unfortunate issue. Firefox did not allow cross domain calls, meaning because the call was not coming from the same domain it is considered a security concern. I did find some code that you could add that would force Firefox to ask whether the user wanted to download the feed, but knowing that it would cause concern for most users, I decided to cut my losses and just display a nice message stating Firefox was not supported at this time.

Thinking I was complete I loaded it onto a test server and went for a look-see. Hmmm, no feed! Looking at the bottom of my IE I see the all so familiar error page icon indicating that I had a scripting error and sure enough, I get the message, permission denied….

Doing a little more research on the cross domain AJAX issue I realized that IE had the same security restrictions when attempting a call on a remote server versus running the content and making the call locally which I had been doing with Stresser and the RSS Reader. This was very frustrating and so now I was trying to figure out how to salvage the work I had done.

Unfortunately, I did not find a “clean” way around the cross domain issue and so I was forced to use a different method. The new method involved creating a server side page that would download the RSS feed, parse it and create a JavaScript file that could be included by the user.

A most fun night…

~ Bobby