Seadragon Ajax and cross-site scriptingNovember 25, 2008
1. Host the DZI on the same domain as your page
A DZI consists of an XML file (with either the .xml or .dzi extension) and a folder full of image files (typically jpgs or pngs), e.g. foo.xml and foo_files. Make sure to upload the complete set, maintaining the folder structure.
Most web servers don’t know what a .dzi is, so make sure to use the .xml extension. Alternatively, you can add “application/xml” as a MIME type for .dzi (if you can modify your server settings).
2. Manually pull the XML out of the DZI and pass it directly into Seadragon.Viewer.openDzi()
3. Put a proxy on your server
This way your page is making an in-domain request, and your server, which does not have cross-site scripting restrictions, grabs the information from the external domain. Let Seadragon Ajax know about the proxy with Seadragon.Config.proxyUrl.
Here’s an example proxy script, in PHP:
$url = $_GET['url'];
if(strpos($url, 'http') === 0) // exclude local files
$data = file_get_contents($url);
It should be similar for other languages.