Ajax Design Patterns by Michael Mahemoff

Li Shen’s Ajax Client Engine (ACE) (http://www.lishen.name/) uses Call Tracking to ease development and harden the application in production. Among its many features are several related to Call Tracking:

The AjaxCaller library (http://ajaxify.com/run/Lib/js/ajaxCaller.js), used throughout the AjaxPatterns demos for Web Remoting, uses Call Tracking to pool Calls, which wrap XMLHttpRequest objects.

libXmlRequest (http://www.whitefrost.com/reference/2005/09/09/libXmlRequest.html) is another XMLHttpRequest wrapper. It keeps XMLHttpRequest objects in a pool so they can be reused, and tracks the response status in order to manage the pool.

Some calls need no tracking because they are low-priority uploads of information to the server. For example, a chat app might reasonably ignore the results of uploading the user’s messages because a separate thread is continuously polling for all recent messages. Another example would be uploading information to support Predictive Fetch (Chapter 13), where the worst case is simply the lost opportunity of a performance optimization. Ajaxian.com featured an interesting article on optimizing for this kind of request (http://www.ajaxian.com/archives/2005/09/ajaxian_fire_an.html).

You may be able to get away with a single, global XMLHttpRequest under certain conditions and with care. For example, you can use a lock to ensure there’s only one pending call at each time (which is really a special case of Call Tracking). However, you risk forcing the user to endure long waiting periods.

The refresh period can differ widely, depending on usage context. Broadly speaking, we can identify three categories of activity level:

Sometimes, the best solution uses multiple Periodic Refresh cycles in parallel, each with a frequency reflecting the user’s needs. An interactive wiki, for example, might update news headlines every 10 minutes, online statuses of other users every minute, and content being edited every second.

Instant messaging (or “online chat”) applications pre-date the Web, and, unlike email and other services, web interfaces have never quite worked out, partly due to the fact that people don’t enjoy frequent full-page refreshes. Ajax makes it possible to avoid a complete refresh by pulling down messages with an XMLHttpRequest Call (Chapter 6). Only the new messages need to be sent in each periodic response. In fact, there are several applications under development. Lace Chat (http://socket7.net/lace/), for example, is only a proof-of-concept, but provides good evidence that web-based chat is feasible. Every few seconds the messages update to show any new messages other users may have entered. When you post a message, it’s also handled as an XMLHttpRequest Call.

Like a wiki, Magnetic Poetry (http://www.broken-notebook.com/magnetic/) involves a shared workspace (Figure 10-3). In this case, users move tiles through the space, and the application updates once a second to reflect the new space. As of version 1.7, the entire tile set is sent each time, but there’s the potential to compress the information by sending only recent tile positions. This enables two users to work on the area simultaneously, and one can even see a tile being dragged by a different user, like a low-frequency animation.

Figure 10-3. Magnetic Poetry

Portals, by definition, display various kinds of information. And often that information is of a dynamic nature, requiring periodic updates. Claude Hussenet’s portal (http://www.claudehussenet.com/portal/Welcome.do) contains several portlets:

In each case, the information is volatile and needs to be periodically updated, as is typical for many portlets. Also characteristic of portal applications is the relatively long refresh period, 15 minutes in this case. Each portlet contains a manual refresh too, for immediate results.

Lace Chat (http://socket7.net/lace/) handles Periodic Refreshes to show all users’ chat messages.

The timer is set on startup to periodically call the get() function, which initiates the XMLHttpRequest Call (Chapter 6) for new messages:

  this.timerID = setInterval(function () { thisObj.get(true); }, interval);

get() performs a straightforward query of the server:

  this.httpGetObj.open('POST', this.url, true);
  this.httpGetObj.setRequestHeader('Content-Type','application/x-www-form-urlencoded;
charset=UTF-8');

  var thisObj = this;
  this.httpGetObj.onreadystatechange = function ( ) { thisObj.handleGet(system); };
  this.httpGetObj.send(param);

If the server has changed at all, the entire contents are returned. How does Lace know if the server has changed? Each time the server responds, it generates a hash for the contents. And when the browser next calls for a refresh, it includes the last hash as a parameter to the call. The server sends a full response only if the current hash differs from that specified by the browser:

  [lib_lace.php]
  function getMessageHash( ) {
    ...
    return md5(implode(file(LACE_FILE)));
  }

  [lace.php]
  $_hash = getMessageHash( ); if ($_hash == $hash) exit; // no change
exit($_hash.'||||'.getFileContentsRaw( ));

One of the forces for this pattern is that HTTP connections tend to be short-lived. That’s a tendency, not a requirement. As HTTP Streaming (Chapter 6) explains, there are some circumstances where it’s actually feasible to leave the connection open. Streaming allows for a sequence of messages to be downloaded into the browser without the need for explicit polling. (Low-level polling still happens at the operating system and network levels, but that doesn’t have to be handled by the web developer, and there’s no overhead of starting and stopping an HTTP connection for each refresh, nor of starting and stopping the web service.)

You can use Distributed Events (see later in this chapter) to coordinate browser activity following a response.

A little work on performance issues can help make the system feel more responsive. Some of the performance optimization patterns help:

Submission Throttling (see the next pattern) also involves a periodic call to the server. The emphasis there is on uploading browser-side changes, whereas the present pattern focuses on downloading server-side changes. The two may be combined to form a general-purpose “synchronize” operation, as long as the update frequency is sufficient in both directions. This would improve performance by reducing the amount of overall traffic. The Wiki Demo (http://ajaxify.com/run/wiki) takes this approach.

It’s inevitable that users will leave their browser pointing at web sites they’re not actually using. The rising popularity of tabbed browsing—now supported by all the major browsers—only exacerbates the problem. You don’t want to keep refreshing the page for idle users, so use Heartbeat (Chapter 17) to detect whether the user is still paying attention.

Submission Throttling is vulnerable to integrity issues, because synchronization is being deliberately downgraded. The universe will have moved on since the user submitted the original commands—the time will be different, new information may be available, existing information may have changed or been deleted, and other users may have executed commands in the meantime. All of these scenarios are unavoidable manifestations of the asynchronous nature of Ajax, and the design must take them into account.

The server needs to decide whether to process each incoming command as it’s quite possible some are no longer valid. For example, a stock purchase order might be refused on the basis that the price has just risen or because the server has since expired an initial quote it made to the client. Some of these decisions can be made by standard techniques such as atomic database transactions, but others might require some custom business logic. Furthermore, some business logic will be required to decide what to do with the rest of the Commands in a queue, should one Command in the middle fail. Sometimes, it’s okay to keep processing the rest and sometimes not.

The most obvious algorithm for upload sequencing is a timer. Every minute (say), the browser polls the buffer and makes the corresponding call sequence. Or, if nothing has changed, it might do nothing for another minute. If a timer is used, a decision must be made as to when it will trigger. First, the period is usually fixed, but does not have to be. It might be increased during times of known server activity, or even altered to respond to those constraints dynamically. Furthermore, it might be based on the user in question: service level can be tweaked by giving premium users shorter throttle periods.

A variant, usually more useful, is to cap the rate but immediately send the first command after a long wait. This helps a user who changes information only occasionally. Let’s say the throttle period is 30 seconds. With a standard, fixed-interval, algorithm, the following sequence occurs:

We can still cap the rate at 30 seconds, but upload a command immediately if there’s been no activity for the past 30 seconds:

Prioritization is another technique. A timer might be used for regular events, but with priority given to any critical commands. A Live Form (Chapter 14) might periodically upload the progress of an individual field, so the server can provide suggestions, for example. But as soon as the user proceeds to the next field, a call takes place immediately.

A further consideration is the user’s activity during upload. It’s wise to avoid uploading something the user is currently working on, especially if other users will see it and if they probably won’t be working on it much longer. So, one policy might involve uploading only after a period of idle activity.

There’s no reason to have just one buffer for all commands. It’s possible to have several buffers running in parallel, providing you have considered the consequences of commands arriving in a different order to the user requesting them. Prioritization was already mentioned above, which would be one reason to have several buffers—higher-priority buffers being processed with greater frequency.

Here’s how a blog reader might use three buffers in parallel:

This example illustrates that it’s quite easy to run several buffers without threat to data integrity and without user confusion.

Deciding on the throttle period requires some analysis of user needs. As the previous blog reader example demonstrates, there is a range of periods that might be required:

Google Suggest (http://www.google.com/webhp?complete=1) features Suggestions, so when you type “A,” the browser pops up a list of popular searches beginning with “A.” To prevent against excessive queries, Google Suggest (http://serversideguy.blogspot.com/2004/12/google-suggest-dissected.html) uses Submission Throttling.

Zuggest (http://www.francisshanahan.com/zuggest.aspx) is a Live Search (Chapter 14) showing Amazon results as you type (Figure 10-5). So type “Ab” and you’ll get results like “Basic Ab Workout for Dummies” and “Absolutely Fabulous.” The results are images as well as text, so it would be expensive to search for something you weren’t interested in. So, if you’re searching for “Absolutely,” it’s best to avoid searching for “Ab” and “Abso” and “Absolut” along the way, which is the kind of thing the Google Suggest algorithm would do.

Figure 10-5. Zuggest

To ensure searches are relevant, Zuggest applies a delay while typing. The assumption is that you’ll be typing at a rate of at least one character per second. Any time you hit a key, you’ll see a “Waiting until you’re done ...” message, and you’ll have a second to hit another key. If no key is pressed, the application assumes you were looking for the current term, and performs a remote call.

As explained in the Fat Client pattern, the wiki demo (http://ajaxify.com/run/wiki) throttles in a similar manner.

Gmail (http://gmail.com/) has an auto-save feature that periodically uploads a message being composed.

Prototype (http://prototype.conio.net/) offers a reusable component, TimedObserver, which performs Submission Throttling. ListSomething (http://listsomething.com/), a search engine for classified ads, utilizes TimedObserver for its Live Search.

Periodic Refresh (see earlier) is somewhat the reverse of Submission Throttling: instead of periodically uploading user input, Periodic Refresh periodically downloads server state.

A common trend while performing a periodic update is to include a small Progress Indicator (Chapter 14), often as a Popup with a message such as a “Saving.”

The submission mechanism should ideally be similar to those in similar non-Ajax systems.

Buttons are one common idiom, with a generic label like Submit, Done, or Go!. More meaningful names are usually clearer, being specific to the task being conducted—for instance, “Buy,” “Search,” or “Delete.” Buttons have the benefit of making the Explicit Submission mechanism stupidly obvious: “I click the button, the info’s submitted; I don’t click it, it’s not submitted.”

Relying on a significant keystroke, usually Enter, can also work in the right context, and, by using the keyboard, it supports power users.

Listening for the onblur is another explicit technique, albeit with a submission mechanism that is not apparent from the UI. The nice thing about onblur is that the application can continue submitting without interrupting the usual flow of events. On a Live Form, for instance, users can force a submission with Tab or Shift-Tab, which they would have hit anyway to move out of the tab. It also means the user can click somewhere else on the mouse to force a submission. The downside is the risk of accidental submission. There’s also the question of what the user can do to prevent a submission occurring, having already begun typing something? Perhaps they can blank the field, but clearly, communicating this to the user is not easy.

Explicit Submission leaves open the possibility of too many submissions at once. This might happen because the user is working too fast, or simply because he has grown impatient and begun banging on the mouse button or the Enter key. A few coping strategies are as follows:

No matter how you prevent multiple submissions, be sure to design the server so it can cope with them. RESTful Service (Chapter 9) helps here because it can handle such situations gracefully; e.g., by rejecting any invalid queries.

Brett Stimmerman’s Lace Chat (http://www.socket7.net/lace/) is an Ajax chat application. Lace users type the entire message and then explicitly submit with a Say button. You can also hit Enter after typing the message. Most chat applications work this way. It’s a little more efficient, but the main benefit is actually for the user. It might be confusing to other users to see a partially constructed message, so the composer of that message should rectify any errors before posting the message.

"The Fonz" text adventure (http://www.mrspeaker.webeisteddfod.com/2005/04/17/the-fonz-and-ajax/) is a command-line game (Figure 10-7). In typical command-line fashion, you type something and submit the whole command at once. Interestingly, command lines don’t have to work that way—it’s feasible to provide hints or some validation support as the user types. The Assistive Search Demo (http://ajaxify.com/run/assistiveSearch/) illustrates this point.

Figure 10-7. The Fonz

A9 (http://a9.com), as with many search engines, requires Explicit Submission before it searches for the user’s query (Figure 10-8).

Figure 10-8. A9 search

Submission Throttling (see earlier) talks about automated, periodic submissions, where the present pattern is about the user forcing submissions to take place. The patterns can certainly be combined. Consider text editors that often harden their explicit Save mechanisms with automated backup. An Ajax App can use automated submissions, but allow for manual intervention when the submission must take place NOW.

Live Forms (Chapter 14) often use onblur and onfocus events, a subtle type of Explicit Submission.

Follow up submissions with a Progress Indicator (Chapter 14) to give some feedback.

Given the nature of HTTP, server data must be retrieved periodically—the server can’t directly call the browser when something happens. If the server exposes only the current state, there are two problems:

Neither of these are showstoppers, so exposing only the current state may well be feasible. The alternative is to publish a history of states along with timestamps. That’s more work to output and parse, and it also requires some form of storage on the server. If you are following that option, it’s worth formatting the changes using a standard feed-based approach such as RSS or Atom. You’ll benefit from the abundance of libraries for both browser and server. As a bonus, the service will be generic enough to be used by external clients, if that’s a requirement.

Often, events concern an object that’s changed state. Sometimes, you only need to propagate a pointer to the object; the recipient will then interrogate the object as required. Other times, you need to send the change itself. The latter approach is useful for functionality that requires not just the object’s current state, but the nature of the change. For example, imagine you have an auditing function that logs whenever a budget balance has been increased. It will be much easier if the change event indicates that an increase has occurred. Otherwise, it will have to manually compare the budget against its previous state. For server-to-browser events, indicating the change may be better for performance since it may alleviate a follow-up call to the server.

When an event occurs, there’s usually several pieces of information to pass to listeners—for example, a source object (an object that’s just changed), the nature of the change or action that’s occurred, and meta-information such as event time and unique ID. You can pass this information in different ways:

Each style has its strengths. A string message is the most flexible approach and has the benefit of being a portable format that will work on the server as well. Unfortunately, a string message must often be parsed and formatted to convert to and from useful JavaScript values. A single event object is easier to manipulate and, like a string message, can usually be extended without breaking existing code—the callback function still takes a single value. You can create a factory function to create the event and expose properties, so its interface can be made explicit if you so desire. Finally, a parameter list makes for a cleaner callback function implementation, since you don’t have to extract variables from a wrapper object. However, a long list of parameters is cumbersome and difficult to maintain.

The simplest way to handle events is synchronously. As soon as something happens, the event manager immediately notifies all interested parties. All this happens in the same thread of execution, so each event handler becomes a bottleneck—the main program flow that triggered the event won’t be able to proceed until each event handler has executed.

If some event handlers are slow, you can get more stable performance by handling events asynchronously. Here, the manager maintains a collection of pending events. Each time a new event arises, it simply adds it to the collection and returns—a very quick operation. Using a repeating timer (see Scheduling [Chapter 7]), the manager periodically pulls off pending events and notifies listeners.

There are various decisions involved in asynchronous event handling. First, what sort of collection do you use? A queue is most common, to ensure that events are handled in the order they arise. But sometimes a stack is more appropriate, so that if the manager falls behind, at least the most recent events will have been handled. Another decision is scheduling of the event handler, the object that picks events off the collection. The simplest style is a pure repeating timer, but if the handling takes too long (longer than the timer interval), you’ll end up with multiple processes picking off events. One way to prevent this situation is to have the event handler monitor its own progress and cease activity after a certain time has elapsed.

ActiveMQ (http://activemq.codehaus.org/) is an open source implementation of Java Messaging Service (JMS) (http://java.sun.com/products/jms/), an official Sun standard for enterprise messaging. As such, it provides a way to pass Java objects and strings between different processes, and includes a publish-subscribe mechanism allowing a process to subscribe for all messages in a particular “topic.”

Normally, the processes run server side, but using a servlet adaptor, ActiveMQ effectively gives the web app, through JavaScript, full ability to send and receive messages.

MapBuilder (http://mapbuilder.sourceforge.net) is a framework for mapping web sites, heavily influenced by MVC. The model holds application data such as current maps, positions, and dimensions. The configuration process wires each model to a number of interested widgets, all of which receive notifications when the model has changed.

Dojo (http://dojotoolkit.org/download) is a comprehensive framework aiming to simplify JavaScript development. One thing it does is enhance JavaScript’s standard event management. This includes publish-subscribe functionality. You register one or more functions as publishers and one or more functions as subscribers. When a publisher function is called, all of the subscriber functions will also be called.

LivePage (http://twisted.sourceforge.net/TwistedDocs-1.2.0/howto/livepage.html), mentioned in HTTP Streaming (Chapter 6) examples, is a framework based around Distributed Events.

The first refactoring lays the groundwork for a richer message handling by introducing an event mechanism. There are some minor user-interface differences, for coding convenience. For example, instead of a single “synchronize” point, downloading and uploading are split into independent timing mechanisms; there’s no more background color change while waiting for a message to upload; and a One-Second Spotlight (Chapter 16) effect now occurs when a message has updated, to compensate for the loss of color change. Also, note that a different version of ajaxCaller is used, which allows a callback object to be specified in addition to a callback function.

A model object has been introduced to track the state of each message and to play the role of an event manager, notifying listeners of changes. One type of listener receives notification of any new messages. The other type receives notification of updates to a specific message. New message listeners are held in a single array. Update listeners are held in an array of arrays, with all subscribers to a particular message held in an array that’s keyed on the message ID:

  newMessageListeners: new Array( ),
  messageUpdateListenersById: new Array( ),
  addNewMessageListener: function(listener) {
    this.newMessageListeners.push(listener);
  },
  addMessageUpdateListener: function(messageId, listener) {
    var listeners = this.messageUpdateListenersById[messageId];
    listeners.push(listener);
  },

Notification then works by iterating through the collection of relevant listeners:

  notifyNewMessageListeners: function(newMessage) {
      for (i=0; i<this.newMessageListeners.length; i++) {
        this.newMessageListeners[i](newMessage);
      }
  },
  notifyMessageUpdateListeners: function(updatedMessage) {
    var listenersToThisMessage =
      this.messageUpdateListenersById[updatedMessage.id];
    for (i=0; i<listenersToThisMessage.length; i++) {
      listenersToThisMessage[i](updatedMessage);
    }
  }

How do these events arise? The model object must be started manually and will then periodically poll the server:

  start: function( ) {
    this.requestMessages( );
    setInterval(this.requestMessages, DOWNLOAD_INTERVAL);
  }
  ...
  requestMessages: function( ) {
    ajaxCaller.getXML("content.php?messages", messageModel.onMessagesLoaded);
  },

As before, the server provides an XML Message (Chapter 9) describing all messages. The model steps through each message in the XML, constructing an equivalent JavaScript object. If the message ID is unknown, the new message listeners are notified, and an array of update listeners is also created for this new message. If the message differs from the current message with the same ID, it’s changed, so all the update listeners are notified. Recall that the message update notification is fine-grained: only listeners to a particular message ID are notified; hence the extraction of a message-specific list of listeners.

  onMessagesLoaded: function(xml, callingContext) {
    var incomingMessages = xml.getElementsByTagName("message");
    for (var messageCount=0; messageCount<incomingMessages.length;
          messageCount++) {
      var messageNode = incomingMessages[messageCount];
      var content = this.getChildValue(messageNode, "content");
      content = (content==null ? "" : unescape(content));
      var incomingMessage = {
        id: this.getChildValue(messageNode, "id"),
        lastAuthor: this.getChildValue(messageNode, "lastAuthor"),
        ranking: this.getChildValue(messageNode, "ranking"),
        content: content
      };
      var currentMessage = this.messagesById[incomingMessage.id];
      if (!currentMessage) {
        this.messageUpdateListenersById[incomingMessage.id]=new Array( );
        this.notifyNewMessageListeners(incomingMessage);
      } else if (!this.messagesEqual(incomingMessage, currentMessage)) {
        this.notifyMessageUpdateListeners(incomingMessage);
      }
      this.messagesById[incomingMessage.id] = incomingMessage;
    }
  },
  getChildValue: function(parentNode, childName) {
    var childNode = parentNode.getElementsByTagName(childName)[0];
    return childNode.firstChild == null ? null : childNode.firstChild.nodeValue;
  },
  messagesEqual: function(message1, message2) {
    return    message1.lastAuthor == message2.lastAuthor
            && message1.ranking == message2.ranking
            && message1.content == message2.content;
  }

A new messagesDiv object has also been created to encapsulate the message-handling logic. On startup, it subscribes for notification of new messages. For each message, it performs a similar function to what was previously done on each update: it creates all the message information and appends to the page, along with a newly introduced visual effect (courtesy of Scriptaculous; see http://script.aculo.us).

  start: function( ) {
    messageModel.addNewMessageListener(this.onNewMessage);
  },
  ...
  onNewMessage: function(message) {
    var messageArea = document.createElement("textarea");
    messageArea.className = "messageArea";
    messageArea.id = message.id;
    messageArea.serverMessage = message;
    ...
    messageDiv.appendChild(lastAuthor);
    messageDiv.appendChild(messageArea);
    ...
    $("messages").appendChild(messageDiv);
    Effect.Appear(messageDiv);
    ...
  }

The messageDiv has another responsibility: it must update the display when a message has updated. Thus, it registers itself as a listener on each message. The easiest way to do this is upon adding each new message:

  onNewMessage: function(message) {
    ...
    messageModel.addMessageUpdateListener(message.id, function(message) {
      var messageDiv = $("messageDiv" + message.id);
      var lastAuthor = messageDiv.childNodes[0];
      var messageArea = messageDiv.childNodes[1];
      if (messageArea.hasFocus) {
        return;
      }
      lastAuthor.innerHTML = message.id + "."
        + "<em>" + message.lastAuthor + "</em>"+"."
        + message.ranking;
      messageArea.value = message.content;
      Effect.Appear(messageDiv);
    });
  },

Compared to the previous version, we’re now only redrawing a message when it’s actually changed. Using an event mechanism has helped to separate the logic out. Now, it’s the messageDiv itself that decides how it will look after a message comes in, which is much more sane than the message-receiving callback making that decision.

The refactoring above wouldn’t be very useful if we stopped with an event mechanism. Good for your work experience perhaps, but we haven’t yet added any functionality to justify the effort; it’s basically the same application as before. Not to worry Watchlist Wiki Demo (http://ajaxify.com/run/wiki/events/watchlist) to the rescue! A new watchlist monitors interesting messages, so that when a message you’re watching is updated (by you or someone else), the watchlist will add a summary line.

To start with, the HTML now includes a watchlist table:

  <div id="summary">
    <table id="watchlist">
      <tr>
        <th>Author</th>
        <th>Message</th>
      </tr>
      <tbody id="watchlistBody"></tbody>
    </table>
  </div>

Which messages are in your watchlist? That’s determined by a new checkbox control, one per message:

onNewMessage: function(message) {
  ...
  var watching = document.createElement("input");
  watching.type = "checkbox";
  watching.messageId = message.id;
  watching.onclick = onWatchingToggled;
  ...
}

When the user wants to watch a message, she selects its checkbox. A single function updates the watchlist for all chosen messages. Remember that message update events are fine-grained, so we need to ensure this callback is registered to receive notifications for all the chosen messages and nothing else. So when a user deselects a message, we’ll unregister the function as a listener on that message. Note that this functionality necessitated the creation of an function to unregister listeners, which was never required in the previous version.

function onWatchingToggled(event) {
  event = event || window.event;
  var checkbox = event.target || event.srcElement;
  if (checkbox.checked) {
    messageModel.addMessageUpdateListener(checkbox.messageId, onWatchedMessageUpdate);
  } else {
    messageModel.removeMessageUpdateListener(checkbox.messageId,
         onWatchedMessageUpdate);
  }
}

onWatchedMessageUpdate will now receive notification of any new messages that are being watched. It simply adds a summary row to the table and runs a visual effect:

function onWatchedMessageUpdate(message) {

  var summary = message.content;
  if (summary.length > 35) {
    summary =   summary.substring(0, 15) + "..."
              + summary.substring(summary.length - 15);
  }

  var row = document.createElement("tr");

  var authorCol = document.createElement("td");
  authorCol.className = "authorSummary";
  authorCol.innerHTML = message.author;
  row.appendChild(authorCol);

  var contentCol = document.createElement("td");
  contentCol.className = "contentSummary";
  contentCol.innerHTML = summary;
  row.appendChild(contentCol);

  if ($("watchlistBody").childNodes.length > 0) {
    $("watchlistBody").insertBefore(row, $("watchlistBody").childNodes[0]);
  } else {
    $("watchlistBody").appendChild(row);
  }
  Effect.Appear(row);

}

We now have two independent functions that receive notifications of new messages arriving from the server. Each can use the information however it pleases. This is a much more scalable approach than having the server message recipient dictate how the browser should respond.

For server-to-browser propagation, Periodic Refresh (see earlier) or HTTP Streaming (Chapter 6) is required.

Distributed Events usually involve a browser element observing a server-side entity. REST is ideal for this purpose as it provides a simple, standard way to exposes server state.

If the server responds with XML and you need to retain state locally—e.g., to track differences—an XML Data Island (Chapter 11) would be useful. Under some technologies illustrated in that pattern, XML Data Islands allow for automated updates—when the data island changes, then a control is updated, and vice versa.

In theory, anything you can do with a browser can theoretically be accomplished by an automated HTTP client. However, there are likely to be legal constraints, and technical challenges too if there is serious usage of JavaScript or browser plugins. Furthermore, your script will be vulnerable to changes in the site layout, and many content providers have deliberately performed subtle changes to prevent automated access. Thus, relying on the ever-increasing collection of public APIs and structured data would make a better choice.

You can find a collection of public APIs at http://wsfinder.com. Some popular APIs include Amazon, Delicious, EvDB, Flickr, Google Maps, Google Search, Technorati, and Yahoo Maps.

If you’re scraping content directly from a public web site, you’ll need to use the underlying web protocol, HTTP. And even if you’re talking to an API, you’ll probably be communicating with HTTP anyway. In some cases, API publishers will provide code to access the content, rather than just publishing the specification. Also, with more complex web services protocols like SOAP, you don’t have to write a lot of low-level code yourself. In many cases, though, the easiest thing to do is talk HTTP and manually format and parse messages yourself.

Many scripting languages feature built-in libraries to communicate in HTTP and are often well-equipped for Cross-Domain Proxy implementations due to strong support for regular expression manipulation. A PHP example is featured in the code example that follows shortly.

In the Java world, for instance, the standard API provides some relatively low-level support for HTTP clients, but you can use some of the web site testing libraries to quickly extract content from external sites. HttpUnit is a good example, and it also has some support for JavaScript manipulation. To grab some content:

  import com.meterware.httpunit.WebConversation;
  import com.meterware.httpunit.GetMethodWebRequest;
  import com.meterware.httpunit.WebRequest;
  public class PatternSorter {
    public String getContent(String url) {
      try {
        WebConversation wc = new WebConversation( );
        WebRequest request = new GetMethodWebRequest(url);
        String response = wc.getResponse(request).getText( );
      } catch(Exception ex) {
        throw new RuntimeException("Could not get content from " + url, ex);
      }
    }
    public static void main(String[] args) {
        System.out.println("http://ajaxpatterns.org");
    }
  }

At times, there will be errors accessing an external web service. Think twice before attributing blame because the problem might be at your end, or somewhere along the network. This has implications for any error messages you might show users. Ideally, you should be able to detect that an error has occurred, and then log the details for immediate attention. In responding to the user, you have several options:

The legals of invoking Web Services (Chapter 6) are tricky, vaguely-defined, and always evolving. Some services are open for public use, others require you hold an API key, and others are critical enough to warrant authentication via digital signatures. In each case, there are usage terms involved, even if they’re not explicit, and you will need to investigate issues such as the authentication mechanism, the number of queries per day, how the data will be used, server uptime, and support level.

The WPLicense Wordpress plugin (http://yergler.net/projects/wplicense) presents the blogger with some forms to specify their preferred license statement, based on the Creative Commons model. The server is acting as a middleman between the browser and the Creative Commons API (http://api.creativecommons.org/rest/1.0/).

Housing Maps (http://housingmaps.com) is a mashup between Google Maps (http://maps.google.com) and Craigslist (http://craigslist.com), a community-oriented classifieds advertising web site. What does that mean? It means you get to see a list of advertised homes on one side and view a map of those homes one the other side, using the familiar Google Maps thumbtacks to pinpoint the locations of the advertised homes. (See Figure 10-11.)

Figure 10-11. Housing Maps

A few features:

Cross-Domain Proxy is used to grab housing data from Craigslist, while the map images are fetched directly from Google’s server into the browser.

This was not Ajaxian, but noteworthy as the first prominent mashup application and a precursor to the Ajaxian Cross-Domain Proxy pattern. Web guru Philip Greenspun mixed data from several sources to produce a “wealth clock” showing Bill Gates’ worth at any time (http://groups-beta.google.com/group/nf.general/browse_thread/thread/bc7fc7bfab19937f/88fa32f2cf6dd6bb). This is no longer working, unfortunately (http://rhea.redhat.com/bboard-archive/webdb/0006ad.html), but the code is still available (http://philip.greenspun.com/seia/examples-basics/wealth-clock.tcl.txt). See Figure 10-12.

Figure 10-12. Bill Gates Wealth Clock

The price per stock was extracted from Yahoo! Finance. The number of stocks in Gates’ portfolio came from Microsoft reports (it was not automatically extracted). And the U.S. population came from the U.S. Census Bureau.

Here’s what Greenspun said back in 2001 (http://philip.greenspun.com/teaching/teaching-software-engineering):

Another prominent usage of Cross-Domain Proxying in “Web 1.0” was meta-searching, as performed by crawlers such as MetaCrawler.com (http://metacrawler.com). Again, all the work was done in the server, and the browser response was usually opened while the results came back to the server, so at least some information could be shown while requests were still out.

CPaint (http://cpaint.sourceforge.net/:) is a Web Remoting (Chapter 6) library. A special “proxy” URL can be established (http://cpaint.sourceforge.net/doc/frontend.class.cpaint.set_proxy_url.html), pointing to a proxy on the originating server, so that remoting to external domains has virtually the same API as to the originating server.

The server doesn’t have the license types hardcoded. Instead, it retrieves them via a web service. This is the core of the Cross-Domain Proxy functionality—the PHP function fs will retrieve content from the specified URL:

  $WS_ROOT = "http://api.creativecommons.org/rest/1.0/";
  ...
  $xml = file_get_contents($WS_ROOT);

In fact, you can see exactly what’s pumped into $xml by visiting http://api.creativecommons.org/rest/1.0/, and then choose View Page Source. Alternatively, use a command-like application such as curl (curl http://api.creativecommons.org/rest/1.0/), which yields the following XML (reformatted):

  <licenses>
    <license id="standard">Creative Commons</license>
    <license id="publicdomain">Public Domain</license>
    <license id="recombo">Sampling</license>
  </licenses>

Once we know what license types are available, it’s a matter of transforming the XML into an HTML selector. XSLT could be used here, but it’s just as easy to do it manually:

  foreach($license_classes as $key => $l_id) {
    echo '<option value="' . $key . '" >' . $l_id . '</option>';
  };

Presenting the questions gets interesting, because the server must now present questions and accept answers without the programmer knowing in advance what those questions will be.

Browser requests for license questions invoke a URL that depends on the user’s chosen license type. If the license type is Creative Commons, which has the ID “standard,” the URL is http://api.creativecommons.org/rest/1.0/license/standard/. Visit that URL, and you’ll see the questions and possible answers. For example:

  <field id="derivatives">
    <label xml:lang="en">Allows modifications of your work?</label>
    <description xml:lang="en">The licensor permits others to copy, distribute and
           perform only

unaltered copies of the work, not derivative works based on it.</description>
    <type>enum</type>
    <enum id="y">
      <label xml:lang="en">Yes</label>
    </enum>
    <enum id="sa">
      <label xml:lang="en">ShareAlike</label>
    </enum>
    <enum id="n">
      <label xml:lang="en">No</label>
    </enum>
  </field>

Equipped with all that information about each question, the server must now transform it into an HTML selector. Ultimately, a loop is used to traverse the entire data structure and generate a selector for each field:

  foreach ($fields as $f_id=>$f_data) {
    $result .= '<tr><th><nobr>' . $f_data['label'] .
'</nobr></th><td>';
    // generate the appropriate widget
    if ($f_data['type'] == 'enum') {
      $result .= '<select class="lic_q" id="'.$f_id.'" lic_q="true" size="1">';
      foreach ($f_data['options'] as $enum_id=>$enum_val) {
      $result .= '<option value="'. $enum_id . '">' . $enum_val . '</option>';
      } // for each option
      ...

As explained in the Live Form (Chapter 14) discussion, this new form HTML is directly placed onto a div.

The Creative Commons’ issueLicense web service accepts XML input of all the license criteria, and then outputs a document containing a URL for the license criteria, along with some other, related information. In a similar manner to the previous code, all of this information is transformed into HTML. This time, it’s used to populate several fields, rather than generate any new input fields.

A fairly old cross-domain technique is to use On-Demand JavaScript; see the discussion of Cross-Domain Loading for that pattern in Chapter 6. The main benefit over Cross-Domain Proxy is reduced resources—the base server is bypassed, so there’s no bandwidth or processing costs involved. However, there’s a major constraint: the server must expose a suitable script to fetch, because it’s not possible to just extract arbitrary information from a server. Additional problems include lack of server-side logging, inability to reach services that require authentication, and the security concerns described in On-Demand JavaScript.

When we speak of the “same-origin” policy, we’re not necessarily referring to the true domain a document is served from; each document has a mutable domain property (for example, document.domain) that turns out to be the critical factor in cross-domain calls. If two documents declare the same domain property, regardless of their true origin, they should be able to communicate with each other using XMLHttpRequest. Jotspot developer Abe Fettig has explained how to exploit this knowledge for making cross-domain communication practical (http://fettig.net/weblog/2005/11/28/how-to-make-xmlhttprequest-connections-to-another-server-in-your-domain/ XMLHttpRequest Call). The trick relies on embedding the external document and having that document—as well as your own document—define the same document.domain property. Thus, as with the On-Demand JavaScript alternative, it does have one key constraint: the external server must explicitly cooperate. In addition, you can’t just declare an arbitrary domain; it has to be a “parent” of the true domain (http://www.mozilla.org/projects/security/components/same-origin.html; i.e., “shop.example.com” can declare “example.com” but not “anyoldmegacorp.com”. Due to these constraints, it’s best suited to a situation where there’s a direct relationship between the respective site owners.

Images have always worked across domains, with various benefits (syndication) and more than a few problems (“bandwidth theft”) along the way. As noted in the "Alternatives" section of XMLHttpRequest Call (Chapter 6), images can be used for general-purpose remoting, usually with 1-pixel images that will never be rendered. While that’s a hack you’ll likely not need these days, transfer of legitimate images remains a useful capability. When you run the Google Maps API (http://www.google.com/apis/maps/) in your web page, for example, it pulls down map images directly from Google’s own servers.

Since external calls can be expensive, the Performance Optimization patterns apply. They may be applied at the level of the browser, or the server, or both. For example, caching can take place in the browser, the server, or both.