I am currently in the process of developing a JavaScript widget that retrieves approximately 4-6KB of data from a WCF service that I have hosted. This widget utilizes the canvas tag (HTML5) to create various charts. My goal is to make it easy for anyone to embed this widget on their websites by simply copying and pasting some HTML and JavaScript code provided by me.
However, I have encountered a major obstacle: the Same Origin Policy. This policy restricts any XHR requests from the host domain of the widget to my WCF service on my domain. As a result, users of the widget are unable to access the data from my WCF service, which typically provides responses of around 4-6KB per request.
In my research, I have come across several potential solutions, as discussed on this site:
- JSONP (compatible with my WCF service)
- Hidden Iframes (not feasible due to lack of control over both domains)
- window.postMessage (uncertain about compatibility with older browsers like IE6)
- Cross-Origin Resource Sharing (CORS) (difficult to implement for support of older browsers like IE6)
- The Reverse Proxy method (challenging due to lack of control over the user's website server)
- easyXDM (potentially viable, but requires further exploration for integration with my WCF service)
Firstly, I would appreciate your confirmation regarding the accuracy of my analysis of these different approaches. Additionally, I welcome discussions on the advantages and disadvantages of each approach.
Secondly, I am aware that companies like Facebook, Twitter, and Google have successfully shared their apps in a similar manner to what I intend to do. I am seeking guidance on where I can find more information on how they resolved this issue.