After some initial frustration that this was troublesome, I explored the possibilities:
- Use CORS. Yep, that’s the cool solution. Cross-Origin Resource Sharing is very simple and supported by all recent browsers. You simply have to return a response header in the API responses and a browser that supports CORS will then let the AJAX requests pass. The response header is this:
The big benefit here really is that I can use plain AJAX calls including all HTTP verbs (POST, PUT, DELETE, etc.), not just GET. It feels like you are using the RESTful API from a native mobile client, where you also do not have to worry about the same-origin policy.
I’ve put up a tiny demo page that shows how you can quickly search a hybris eCommerce platform via the OCC Web Services here. This link will expire at some time, but the key takeaway is that there is no special client-side code required. Just plain AJAX. You only need to have control over the API and set the HTTP response header described above.
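As an added example (not code from the original post or from the hybris platform), here is one way an API could emit the standard CORS response headers from an origin allowlist, including the preflight answer browsers require before PUT and DELETE. The names `corsPolicy` and `handler`, the origin `https://shop.example` and the JSON body are assumptions made for illustration.

```javascript
// Added example: origin-allowlist CORS policy for an API (all names constructed).
const ALLOWED_ORIGINS = new Set(['https://shop.example']); // hypothetical web client origin
const ALLOWED_METHODS = 'GET, POST, PUT, DELETE';
const ALLOWED_HEADERS = 'Content-Type, Authorization';

// Pure function: takes the request method and headers (lower-cased keys, as
// Node's http module provides them) and returns the CORS response headers.
function corsPolicy(method, headers) {
  const origin = headers['origin'];
  const out = { Vary: 'Origin' }; // caches must not reuse a response across origins
  if (!origin || !ALLOWED_ORIGINS.has(origin)) {
    // No CORS headers: the browser keeps the calling page from reading the response.
    return { preflight: false, allowed: false, headers: out };
  }
  // Echo only an allowlisted origin rather than answering '*' to everyone.
  out['Access-Control-Allow-Origin'] = origin;
  // Browsers send an OPTIONS preflight before PUT, DELETE or JSON POST requests.
  const preflight = method === 'OPTIONS' && 'access-control-request-method' in headers;
  if (preflight) {
    out['Access-Control-Allow-Methods'] = ALLOWED_METHODS;
    out['Access-Control-Allow-Headers'] = ALLOWED_HEADERS;
    out['Access-Control-Max-Age'] = '600'; // seconds the browser may cache the preflight
  }
  return { preflight, allowed: true, headers: out };
}

// Node-style request handler; wire it up with http.createServer(handler).
function handler(req, res) {
  const { preflight, headers } = corsPolicy(req.method, req.headers);
  if (req.method === 'OPTIONS') {
    // Answer an allowed preflight with 204; refuse any other OPTIONS request.
    res.writeHead(preflight ? 204 : 403, headers);
    return res.end();
  }
  // CORS only controls what a browser lets the page read. The request itself
  // still reaches this point, so authentication and authorization belong here.
  res.writeHead(200, { ...headers, 'Content-Type': 'application/json' });
  res.end(JSON.stringify({ results: [] })); // placeholder API response
}
```

Simple GET requests from an origin that is not on the list still reach the server; the browser only withholds the response from the calling page, so CORS is not a substitute for access control on the API.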
Let me know what you think of this and if you know of other solutions I am not aware of!