Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Web sockets make ajax/CORS obsolete?

Will web sockets when used in all web browsers make ajax obsolete?

Cause if I could use web sockets to fetch data and update data in realtime, why would I need ajax? Even if I use ajax to just fetch data once when the application started I still might want to see if this data has changed after a while.

And will web sockets be possible in cross-domains or only to the same origin?

like image 317
ajsie Avatar asked Oct 28 '10 12:10

ajsie


People also ask

Can WebSocket replace Ajax?

WebSockets isn't intended to replace AJAX and is not strictly even a replacement for Comet/long-poll (although there are many cases where this makes sense). The purpose of WebSockets is to provide a low-latency, bi-directional, full-duplex and long-running connection between a browser and server.

When should I use WebSockets vs Ajax?

Ajax uses the HTTP Protocol and can send requests using POST/GET methods from Client to Server. WebSocket is itself a protocol to communicate between Client and Server, distinct from HTTP. In Ajax when you send a request , server sends response for that request and connection ends.

What will replace WebSockets?

SSE is an excellent alternative to WebSockets. They are limited to the browser's connection pool limit of ~6 concurrent HTTP connections per server, but they provide a standard way of pushing data from the server to the clients over HTTP, which load balancers and proxies understand out-of-the-box.


2 Answers

WebSockets will not make AJAX entirely obsolete and WebSockets can do cross-domain.

AJAX

AJAX mechanisms can be used with plain web servers. At its most basic level, AJAX is just a way for a web page to make an HTTP request. WebSockets is a much lower level protocol and requires a WebSockets server (either built into the webserver, standalone, or proxied from the webserver to a standalone server).

With WebSockets, the framing and payload is determined by the application. You could send HTML/XML/JSON back and forth between client and server, but you aren't forced to. AJAX is HTTP. WebSockets has a HTTP friendly handshake, but WebSockets is not HTTP. WebSockets is a bi-directional protocol that is closer to raw sockets (intentionally so) than it is to HTTP. The WebSockets payload data is UTF-8 encoded in the current version of the standard but this is likely to be changed/extended in future versions.

So there will probably always be a place for AJAX type requests even in a world where all clients support WebSockets natively. WebSockets is trying to solve situations where AJAX is not capable or marginally capable (because WebSockets its bi-directional and much lower overhead). But WebSockets does not replace everything AJAX is used for.

Cross-Domain

Yes, WebSockets supports cross-domain. The initial handshake to setup the connection communicates origin policy information. The wikipedia page shows an example of a typical handshake: http://en.wikipedia.org/wiki/WebSockets

like image 135
kanaka Avatar answered Sep 30 '22 21:09

kanaka


I'll try to break this down into questions:

Will web sockets when used in all web browsers make ajax obsolete?

Absolutely not. WebSockets are raw socket connections to the server. This comes with it's own security concerns. AJAX calls are simply async. HTTP requests that can follow the same validation procedures as the rest of the pages.

Cause if I could use web sockets to fetch data and update data in realtime, why would I need ajax?

You would use AJAX for simpler more manageable tasks. Not everyone wants to have the overhead of securing a socket connection to simply allow async requests. That can be handled simply enough.

Even if I use ajax to just fetch data once when the application started I still might want to see if this data has changed after a while.

Sure, if that data is changing. You may not have the data changing or constantly refreshing. Again, this is code overhead that you have to account for.

And will web sockets be possible in cross-domains or only to the same origin?

You can have cross domain WebSockets but you have to code your WS server to accept them. You have access to the domain (host) header which you can then use to accept / deny requests. This can, however, be spoofed by something as simple as nc. In order to truly secure the connection you will need to authenticate the connection by other means.

like image 24
Josh K Avatar answered Sep 30 '22 23:09

Josh K