Name: Cudder !cXCudderUE 2015-05-03 13:44
I don't usually touch web apps, but when I do, it's either because a client wanted it or it seemed an extremely fitting use-case...
Suppose you have a set of sites, which are not under your control, that you want to aggregate data from and process, then present on another webpage. Furthermore, suppose that these sites contain data that you don't want to send to a remote server, either because they require credentials you don't trust a 3rd-party with or contain sensitive, personalised data.
It sounds like the perfect job for a "web app" - basically, just a single page that uses AJAX to fetch the data from the remote sites and then JS to process it and show the results would be ideal. It could be done with native code, but why not take advantage of what the browser offers for interacting with websites?
Except... it doesn't work. AJAX requests can't go across different sites! There is a way to do it which requires both ends cooperating (which can't happen in this case), or asking another server to fetch the data (again, not allowed). The reason is again "security"; but consider that if cross-origin requests were allowed, web apps might actually be 1000x more useful and closer to what native code can do than the castrated "render a UI client-side" crap they are today.
Many of you are probably screaming "but muh security!! muh monies in muh bank account!!" at this point - and you would be right, allowing any site to access data from any other site might not be the best idea - but so is allowing any site to run JS in the first place! If per-site JS settings had become the norm we might've gotten the fine-grained permissions ("allow site X to access site Y?") that gives the user control and lets these extremely powerful web apps thrive, but thanks to the retarded "every site should be allowed to run JS and browsers should have it defaulted to on" notion we got this watered-down crap that needs a ton of jumping-through-hoops and can't even do anything close to what "native apps" can do despite the "appers" thinking it can. It's amusing to see the sites that do manage to do such aggregation need to proxy the requests through a server and then give it back to you, which is the stupidest thing for actual security.
What a load of bovine fecal matter.
Suppose you have a set of sites, which are not under your control, that you want to aggregate data from and process, then present on another webpage. Furthermore, suppose that these sites contain data that you don't want to send to a remote server, either because they require credentials you don't trust a 3rd-party with or contain sensitive, personalised data.
It sounds like the perfect job for a "web app" - basically, just a single page that uses AJAX to fetch the data from the remote sites and then JS to process it and show the results would be ideal. It could be done with native code, but why not take advantage of what the browser offers for interacting with websites?
Except... it doesn't work. AJAX requests can't go across different sites! There is a way to do it which requires both ends cooperating (which can't happen in this case), or asking another server to fetch the data (again, not allowed). The reason is again "security"; but consider that if cross-origin requests were allowed, web apps might actually be 1000x more useful and closer to what native code can do than the castrated "render a UI client-side" crap they are today.
Many of you are probably screaming "but muh security!! muh monies in muh bank account!!" at this point - and you would be right, allowing any site to access data from any other site might not be the best idea - but so is allowing any site to run JS in the first place! If per-site JS settings had become the norm we might've gotten the fine-grained permissions ("allow site X to access site Y?") that gives the user control and lets these extremely powerful web apps thrive, but thanks to the retarded "every site should be allowed to run JS and browsers should have it defaulted to on" notion we got this watered-down crap that needs a ton of jumping-through-hoops and can't even do anything close to what "native apps" can do despite the "appers" thinking it can. It's amusing to see the sites that do manage to do such aggregation need to proxy the requests through a server and then give it back to you, which is the stupidest thing for actual security.
What a load of bovine fecal matter.