I've just read this article over at Particle Tree
Is this accurate:
If security is not an issue, a JavaScript based API will actually work out very nicely. If we host a JavaScript file, users of our API can include this file on their page, and call functions from that file. Cross Domain Ajax isn’t a problem since the file sits on our server.
I was always under the impression that would fail when attempting an ajax operation. In fact I'm sure I've written some code to try this, can anyone verify if this is accurate?
In fact I'm sure I've written some code to try this, can anyone verify if this is accurate?
As written, it isn't. The origin of the JS doesn't matter, only the origin of the page and the origin of the data you are trying to access.
I think it is trying (badly) to explain JSONP which would allow you to bypass the same origin policy (since the script and the data are the same thing in JSONP).