Get OSM-Data from Javascript

General talk
1

Hey everybody!

I want to write a JavaScript application which uses OSM data and I don’t want to double the bandwitdth usage for my website so I decided to use no proxy to circumvent “same origin”-policy which prohibits JavaScript’s XMLHttpRequest object to request data from another domain than the which the script is from to make XSS-attacks harder (which is only kind of good…) [0].
And so my question: What are my options to get OSM data?
I already tried several options:

  • directly querying (x)api.openstreetmap.org won’t work as my script is not allowed to read xml from *.openstreetmap.org.
  • indirectly querying (x)api.openstreetmap.org with yahoo pipes’s YQL won’t work as *.openstreetmap.org has a robots.txt which doesn’t allow Yahoo’s service to access the site [1].
    I see no way to get the data without some server-side support. I see several options: a) OSM creates a JSONP like service [2], b) OSM employs a technique like the one described at [3] to allow to read osm data with IFrames (see below).
    b) should be easier:
  • create a webservice url that accepts a) some kind of query string and b) the desired domain name (/service?bbox=a,b,c,d&domain=ab.cd.de)
  • return “a script” that looks like:

Are there any plans to support some kind of infrastructure to allow JavaScript to read OSM data?

I’m sure this is an issue that not only I’m having trouble with though I hardly found anything anywhere. E.g. Cartagen has similar problems (I think it must have) that’s why they have their own proxies. A solution which for several reasons I cannot deploy. As browser’s JavaScript engines become more powerful, JavaScript becomes a very good option to create cross-plattform applications and, in my humble opinion, OSM should support the development of that kind of applications!

Thank you for any input!

[0] http://snook.ca/archives/javascript/cross_domain_aj
[1] http://james.padolsey.com/javascript/cross-domain-requests-with-jquery/, http://developer.yahoo.com/yql/console/#h=select%20*%20from%20html%20where%20url%20%3D%20%22http%3A//xapi.openstreetmap.org/api/0.6/map%3Fbbox%3D8.270111100000001%2C49.999%2C8.2721111%2C50.001%22
[2] http://www.thefutureoftheweb.com/blog/cross-domain-json-without-xhr
[3] http://jszen.blogspot.com/2005/03/cross-domain-security-woes.html