javascript same-origin-policy

How to circumvent same-origin policy for a 3rd party https site?


I have an http:// site that needs to access a 3rd party JSON API that is exposed on an https:// site. I've read through "Ways to circumvent the same-origin policy", but it seems the methods described there aren't appropriate for me:

  1. The document.domain method - only works on subdomains.
  2. The Cross-Origin Resource Sharing method - requires server cooperation.
  3. The window.postMessage method - seems to require opening a popup window?
  4. The Reverse Proxy method - A possible solution, but seems a bit too hard to set up.
  5. http://anyorigin.com - seems to not support SSL.

Is this it? Must I implement solution 4, which seems rather complicated, or am I missing something?


Solution

  • Sorry, it seems that anyorigin.com does support https.

    The reason I naively thought it doesn't is because the API in question returns JSON, and I thought I would actually just get a plain text response (as in my tests with using anyorigin.com on google.com). When it returned just an object, I figured something was broken.

    It appears the object simply returns the parsed JSON, so I'm good to go!

    Update - anyorigin.com stopped working with some https sites a few weeks after I posted this, so I went ahead and wrote whateverorigin.org, an open source alternative to anyorigin.
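For comparison, option 4 from the question (a reverse proxy on the page's own origin) as an added example; it is not code from the original post or from whateverorigin.org. It assumes Node 18+ (global `fetch`), and `UPSTREAM`, `PREFIX`, `resolveUpstream` and `handle` are hypothetical names. The upstream host is pinned in code, so the caller never chooses where the proxy connects and API responses do not pass through a third-party relay.

```javascript
// Same-origin reverse proxy pinned to ONE upstream API (assumes Node 18+).
// UPSTREAM and PREFIX are hypothetical placeholders, not values from the page.
const UPSTREAM = new URL('https://api.example.com');
const PREFIX = '/api/';

// Map an incoming request path to an upstream URL, or return null to refuse.
// Scheme, host and port always come from UPSTREAM, never from the request.
function resolveUpstream(requestUrl) {
  if (typeof requestUrl !== 'string' || !requestUrl.startsWith(PREFIX)) return null;
  let target;
  try {
    // Keep the leading "/" so the remainder resolves as a path on UPSTREAM.
    target = new URL(requestUrl.slice(PREFIX.length - 1), UPSTREAM);
  } catch {
    return null;
  }
  // "/api//other.host/x" would parse as a protocol-relative URL and switch
  // hosts; comparing origins rejects that instead of proxying anywhere.
  return target.origin === UPSTREAM.origin ? target : null;
}

// Request handler for http.createServer(): read-only, JSON-oriented relay.
async function handle(req, res) {
  const target = resolveUpstream(req.url);
  if (target === null) { res.writeHead(404).end(); return; }
  if (req.method !== 'GET') { res.writeHead(405).end(); return; }
  try {
    const upstream = await fetch(target, {
      headers: { accept: 'application/json' }, // browser cookies are not forwarded
      redirect: 'error',                       // a redirect cannot leave UPSTREAM
      signal: AbortSignal.timeout(5000),       // bound the wait on the third party
    });
    const body = Buffer.from(await upstream.arrayBuffer());
    res.writeHead(upstream.status, {
      'content-type': upstream.headers.get('content-type') || 'application/octet-stream',
      'x-content-type-options': 'nosniff',
    }).end(body);
  } catch {
    res.writeHead(502).end(); // upstream unreachable, timed out, or redirected
  }
}

// Wire-up (not executed here):
//   require('node:http').createServer(handle).listen(8080);
```

The page's script then requests `/api/...` on its own origin, so no cross-origin call is made from the browser.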