Do you really want to be sending URLs with the request? Better to > hardcode the destination on the server-side and only send the arguments > from js. No, not really, but I want to make the proxy as generic as possible without hardcoding the webservice urls, but like you said having the js to post the complete webservice url it will have security concerns.Maybe add some string encryption on the url? will it work?