I’d like to add an App.net feed to a Jekyll site, pulling the JSON feed on the client using JavaScript from /users/@nick/posts
. But then I learned about the same-origin policy. The JSON feed obviously comes from a different domain and since I don’t have control over the website server nor the App.net’s API, it looks like I can’t use CORS nor JSONP. What are my options?
(An interesting catch is that the code appears to work so far, using XMLHttpRequest
in Chrome and jekyll serve
. Is there an exception for local URLs? Or did I get the same-origin policy wrong?)
Unique workaround stands as a local script proxyfying the distant json. Bear in mind that the same-origin browser policy is here to enforce security. You will break that jail with a workaround.