I am using an esri.tasks.QueryTask to retrieve information from an ArcGIS Server service, and it works great. Because my query urls can be long, I have the proxy page (explained in link below) configured.
As everything is working fine, my question is about *how* it works. The link below explains that "...for security reasons, browsers are not allowed to POST except back to the server that sent the page to the browser. Hence the proxy page must run on the same Web server where your application runs..." This makes sense to me - cross domain calls are not allowed.
However, I was under the impression that cross-domain GET calls are not allowed either - why isn't the proxy required for those? And if there is some trickery that allows the GET calls to work, why does the esri.tasks.QueryTask not use the same trick to convert such calls to POST calls (and dispense with the proxy) when the url becomes too long?
Thanks in advance for helping clear up whatever misconception I have,
I'm curious about this too. Coming from Silverlight/Flex, the issue is solved with a crossdomain.xml (SL) or clientaccesspolicy.xml (SL or Flex) on the web server hosting the cross domain services. My understanding for javascript is that this can be handled in 1 of 2 ways...
jsonp approach
new CORS approach at html5
I notice also that if I download ESRI's 2.5 API, the .js files have companion xd.js. My guess is these companion xd (cross-domain) files are taking the jsonp approach. I also understand from other posts that jsonp is baked into the AGS REST API (server-side) and I would assume the jsapi (client-end) as well. Still looking for documentation/answers on how this works.
