Of CORS We Do

If you’re a JavaScript head, we’ve got something for you. SoundCloud now supports Cross Origin Resource Sharing, using XMLHttpRequest. Or, to put it another way: no more implausible JSON-P hacks.

Some background on CORS can be found here and here.  Our implementation is super-simple:  we let you do GET requests, for our public resources. Full documentation of the feature is on our wiki, but here’s a bit of code to get you started:

var invocation = new XMLHttpRequest();
// Internet Explorer uses a propritary object called XDomainRequest
var url = 'https://api.soundcloud.com/tracks';
function callOtherDomain() {
    if (invocation) {
        invocation.open('GET', url, true);
        invocation.onreadystatechange = handler;
        invocation.send();
    }
}

As we’re just setting headers, the implementation was done as an addition to our Rack stack, which means that it’s easy for us to pull out or move around as needed. Once the appropriate headers are added, these newfangled modern browsers handle the rest.