Cross Domain Requests

This section contains tutorials specific to making cross domain requests with the Conversations API.

Overview

Attempts to use the Conversations API by JavaScript applications in a web browser will be subject to the Same Origin Policy, a security measure imposed by all modern browsers that restricts the ability of JavaScript applications to make HTTP requests across domains.

The following example summarizes the consequences of the Same Origin Policy for a request being made by a JavaScript application from

https://www.example.com/product-page.html

Compared URLOutcomeReason
https://www.example.com/product-page.htmlSuccessSame Host
https://api.bazaarvoice.com/product-page.htmlFailureDifferent Host

The request represented by the first row works because the origin and the compared URL share the same host. The request represented by the second row fails because the origin and the compared URL have different hosts. For a more detailed explanation of the Same Origin Policy, please refer to this [link](The request represented by the first row works because the origin and the compared URL share the same host. The request represented by the second row fails because the origin and the compared URL have different hosts. For a more detailed explanation refer the Same Origin Policy.

🚧

The same origin policy does not apply to requests made from a server to the Conversations API or from a mobile app to the Conversations API. The techniques described in this section are not necessary in those scenarios.

The Conversations API supports two techniques for making cross domain requests: CORS and JSONP.


What’s Next

Include links to CORS and JSONP in the API reference.