5 More for HTML5: CORS, WOFF, App Skeletons, and More
CORS shares fluently. Cross-Origin Resource Sharing (CORS) is a well-supported HTML5 idiom that enables fluent communication across domain boundaries – formerly the arena of XSS (cross-site scripting) in JSON and other tricky or limited maneuvers, all arguably insecure. CORS is flexible and powerful, and one popular emerging application is to use it to provide third-party services through simple websites. For example, an intranet site might use CORS to let employees drag-and-drop files to a box on an intranet page, triggering a CORS upload to an authorized third-party site for processing – all without requiring a proxy effort or back-end programming on the intranet site itself.
Using CORS on the client side looks and feels a lot like using (non-cross-domain) AJAX – almost identical for most browsers, which implement it as an extension of XMLHttpRequest. Internet Explorer, by contrast, uses the explicit term XDomainRequest for CORS object invocation, which is semantically clearer and arguably more secure, since it distinguishes between non-cross-domain and cross-domain functionality. On the server side, enabling CORS requires making small changes to your webserver configuration to add the appropriate HTTP response header; the process is detailed at http://enable-cors.org/ and elsewhere. The CORS standard includes a basic security skeleton for mutual authentication, but programmers looking to use CORS in production scenarios will want to plan carefully and add more deliberate security to guard against potential vulnerabilities.
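The server-side decision behind that response header, as an added example (not code from this article or from enable-cors.org): it contrasts echoing back any Origin with an exact-match allowlist. The hostnames, function names and sample origins are constructed for illustration.

```javascript
// Added example. Hostnames below are constructed placeholders.
const ALLOWED_ORIGINS = new Set([
  "https://intranet.example.com",
  "https://upload.example.com",
]);

// Weak: echoes back whatever Origin the browser sent, so every site is
// trusted, and with credentials on, any page can read authenticated responses.
function corsHeadersReflecting(origin) {
  if (!origin) return {};
  return {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
  };
}

// Hardened: exact match on scheme://host[:port] against a fixed allowlist.
function corsHeadersAllowlisted(origin, { credentials = false } = {}) {
  // Vary: Origin keeps shared caches from replaying one origin's answer
  // to a different origin.
  const headers = { Vary: "Origin" };
  if (typeof origin !== "string" || !ALLOWED_ORIGINS.has(origin)) {
    return headers; // no Allow-Origin header: the browser blocks the read
  }
  headers["Access-Control-Allow-Origin"] = origin;
  if (credentials) headers["Access-Control-Allow-Credentials"] = "true";
  return headers;
}

// Constructed sample Origin values, including look-alikes that defeat
// prefix/suffix matching and the literal "null" sent by sandboxed documents.
const SAMPLE_ORIGINS = [
  "https://intranet.example.com",
  "http://intranet.example.com",
  "https://intranet.example.com.other.test",
  "https://notintranet.example.com",
  "null",
];

// Returns, per sample origin, whether each policy would grant access.
function comparePolicies(origins = SAMPLE_ORIGINS) {
  return origins.map((origin) => ({
    origin,
    reflecting: "Access-Control-Allow-Origin" in corsHeadersReflecting(origin),
    allowlisted: "Access-Control-Allow-Origin" in
      corsHeadersAllowlisted(origin, { credentials: true }),
  }));
}

console.table(comparePolicies());
```

Only the first sample origin is granted access by the allowlist policy, while the reflecting policy grants all five.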
Fix your WOFF. While not strictly part of HTML5, Web Open Font Format (and SVG fonts, and upcoming TrueType standard font support) have become strongly associated with HTML5 as huge contributors to the improved appearance of modern web applications. In fact, we are now pretty much at the point where you can tweak a page (and license fonts) to produce substantially equivalent typography across essentially all contemporary browsers, plus (via EOT) back through IE6. The folks at Fontspring are highly motivated to keep up with this stuff, and helpfully maintain an up-to-the-minute CSS3 @font-face syntax model recommendation that (in tandem with the proper licenses) should (hold your breath, now) make all browsers load an equivalent font in whatever format they best support. Check out the arcane, unfolding dialogue (and get the CSS) at http://www.fontspring.com/blog/fixing-ie9-font-face-problems.
Pin it up. The site-pinning capability of IE9/Windows 7 can give your site desktop presence for a growing bloc of users – enabling notifications and new kinds of metrics. Making a site "pinnable" isn't hard, but it's even easier with sites like http://www.buildmypinnedsite.com, which offer a combo of tutorials and wizard-driven code generation to get you pinnable in a big hurry. Worth a visit, even if pinning isn't your goal, because part of the pin-ready process involves creating a high-res favicon, which is the kind of thing webdevs sometimes forget to do unless they have a marketing manager hitting them over the head saying "you promised to make a high-res favicon."
John Jainschigg is a contributing editor for SourceForge and Geeknet.