atom feed3 messages in com.yahoogroups.wdf-domRe: Google Maps API and Same Origin P...
FromSent OnAttachments
ShawnOct 27, 2005 3:55 am 
ShawnOct 27, 2005 8:03 pm 
ShawnOct 31, 2005 4:26 pm 
Subject:Re: Google Maps API and Same Origin Policy
From:Shawn (03sj@yahoo.invalid)
Date:Oct 31, 2005 4:26:53 pm

If the API required a proxy, we wouldn't see and in busmonster's subsequent http headers. Sites using the Maps API are loading 3rd party data without proxies and without triggering same-origin exceptions.

I now have an answer to my earlier question.

I registered a Google Maps API key and did a bit of hacking on a local copy of the script. It turns out that it was a trick question because the API script isn't sidestepping the same origin policy at all. But at first glance it looks like it does.

I mistakenly thought the Maps API was doing something like this:

1. onmousedown, start to track pan 2. onmousemove, track position as map is panned 3. when a set threshold is reached, send new position to map server 4. map server sends back a set of URLs for the needed images 5. script inserts these new images into the DOM

In the speculative steps above, numbers four and five violate the same origin policy as text strings from the foreign server are finding their way into the DOM (as IMG src attributes). But this is not what's happening.

The image URLs are built internally according to a predetermined scheme. Nothing is being injected in to the DOM from the map-server.

Seeing GMap's tiles load in to Busmonster only gives the impression that something is finding its way in [to the DOM] from the outside. Of course, the binary image data is being loaded by the browser on to the screen and *not* in to the DOM (as IMG src attributes only serve as references).