For the embedded SPA architecture I was concerned about cross domain requests to the IdeaTime servers for data from IdeaTime users’ websites… thankfully it looks like there is a viable solution using CORS:

I’ve just glanced at the following article but it looks promising:

http://zinoui.com/blog/cross-domain-ajax-request

For reference:

https://en.wikipedia.org/wiki/Cross-origin_resource_sharing

https://en.wikipedia.org/wiki/Same-origin_policy

 

The solution I have in mind is that registered IdeaTime users would provide their site’s domain during registration and that domain would be added to the allowable origins list for CORS on the IdeaTime server.

 

I’m looking forward to trying this out…