I’d like to add an App.net feed to a Jekyll site, pulling the JSON feed on the client using JavaScript from /users/@nick/posts. But then I learned about the same-origin policy. The JSON feed obviously comes from a different domain and since I don’t have control over the website server nor the App.net’s API, it looks like I can’t use CORS nor JSONP. What are my options?
(An interesting catch is that the code appears to work so far, using XMLHttpRequest in Chrome and jekyll serve. Is there an exception for local URLs? Or did I get the same-origin policy wrong?)
Unique workaround stands as a local script proxyfying the distant json. Bear in mind that the same-origin browser policy is here to enforce security. You will break that jail with a workaround.