This question has been bothering me for a while. So here is the story. There is another domain name which consists of a PHP file that produces a JSON result:
let's say http://www.otherdomain.com/token.php and it will produce:
{"token":"123455"}
I want to ajax from mywebsite.com to get and act on the response given. The problem is otherdomain.com is not owned by me and I can't modify the content in it whatsoever.
So I have searched for several answers on Stack Overflow and will explain why they don't work.
1. Set the CORS header. It didn't work because the domain is not owned by me and I can't do anything about it.
2. Use my server as a proxy to request the data. (This is workable a few times, but as the visitors on my site become more and more numerous, more data will be sent to the site from a single IP, my server's, which might then trigger a 403 error.)
3. Use a plugin on Chrome or Firefox. (This option is okay if I am the only one using this website.)
4. Use JSONP. It is shown in "jQuery getJSON works locally, but not cross domain", but the answer shows you need to modify the response data in the otherdomain.com file, and since I don't own the domain, I can't do anything.
You may not be using your option number 4 correctly. JSONP is made especially for cross-domain requests. So JSONP is your solution. If you get stuck, look at Google Maps or other services; they have working JSONP examples.
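An added example, not part of the original question or answer: a small JavaScript model of how a `<script>` include treats a response body, showing why JSONP only works when the remote endpoint wraps its data in the requested callback. `loadAsScript` is a hypothetical helper, and every sample body except the page's `{"token":"123455"}` is constructed.

```javascript
// Models what happens to a response fetched via <script src="...?callback=C">:
// the body is executed as JavaScript, it is never handed over as data.

// Run a response body as script text with a single callback in scope.
// Returns what the callback received, or a description of the failure.
function loadAsScript(body, callbackName) {
  let received;
  const callback = (data) => { received = data; };
  try {
    // new Function parses the body as JavaScript statements and runs them.
    new Function(callbackName, body)(callback);
  } catch (err) {
    return { ok: false, error: err.name };
  }
  if (received === undefined) {
    return { ok: false, error: 'callback never called' };
  }
  return { ok: true, data: received };
}

// What token.php returns on the page: plain JSON, no callback wrapper.
const plainJson = '{"token":"123455"}';
// Constructed: what a JSONP-aware endpoint would have to return instead.
const jsonpBody = 'C({"token":"123455"});';
// Constructed: a JSONP body is code, so the remote server decides what runs.
const jsonpWithExtra = 'C({"token":"123455"}); C({"token":"overwritten"});';

console.log(loadAsScript(plainJson, 'C'));      // parse failure
console.log(loadAsScript(jsonpBody, 'C'));      // callback gets the object
console.log(loadAsScript(jsonpWithExtra, 'C')); // last call wins
```

Because the body executes with the page's privileges, including a JSONP endpoint means trusting that server with everything the page can do.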
So a couple of days ago I was looking for something like this and had actually found it but never found a use for it. I know it's listed somewhere on Mozilla's site but I forget what the function is called.
In any case I wish to request an external domain that doesn't have CORS and does not require external help from things like proxies. It's a rather recent function added to JavaScript, as when I read about it (before I forgot the name) it was listed as experimental technology. It's supposedly a safe alternative to CORS; the only catch is that unlike CORS you are not allowed to view the response.
What I want to use it for is to basically see if the status code returned is 404 or 200 so I can tell users whether a specific site is having issues, and since the amount of sites that would be requested is huge if I do it server side, I'd prefer to have it done in a client's browser only on specific pages.
I think you could get by with sending a HEAD HTTP request.
Let's imagine the following situation.
I have a website mysearchengine.com and then I use search suggestions from external sites, for example eniro.no:
http://map01.eniro.no/search/search.json?q=de&index=yp_sug&profile=pl&pageSize=10&callback=C
Can eniro.no see that their JSON is requested from the website mysearchengine.com?
My issue is that I want to use some JSON resources of another (not my) server, and I wonder whether they can see that I'm doing that.
The above is only an example, the easiest I found to show my question about how JSON works.
Yes, in one of two main ways:
HTTP Referrer Header:
http://www.w3.org/Protocols/HTTP/HTRQ_Headers.html#z14
Direct IP address logging: If they log your IP address, they could potentially do a reverse lookup to find your web address. Alternatively, if you are under a shared IP, they may just block your IP address if you are abusing their web resources.
Note: You can choose whether to pass the referrer header or not. It is up to your server. However, there is no way to mask what computer/server requests the remote resource (yes, using a proxy they will be able to tell that the proxy's IP requested the resource, but that is beside the point).
Are you looking to have a user click a button on your site, and your site will make a GET request, in javascript, to another site, and then put content on your site? That's called Cross Origin Resource Sharing (CORS).
If you're controlling the javascript, you can insert additional headers into the request, and since it's the user's browser that's making the request, the site will only see that user's information, not your site's.
Besides that, the answer by Andrew M. is correct: based on the browser, there will probably be a referrer header sent, and I am not sure you can get rid of it through JS.
I'm using Coda, and I'm trying to write a program that uses JavaScript/jQuery to load the NFL's HTML on their stats page (http://www.nfl.com/stats/player), and then remove all of the excess HTML, resulting in several lists of players and their stats.
I've tried using `$('#container').load('http://www.nfl.com/stats/player')`.
This works fine in Coda, but I can't parse the html the way I want to.
In Google Chrome I get the error:
`XMLHttpRequest cannot load http://www.nfl.com/stats/player. Origin null is not allowed by Access-Control-Allow-Origin.`
From what I understand this is a security feature built into all browsers. Is there a workaround to this issue? Can I use a different type of request?
I understand that I should be using JSONP for this type of request, but I don't believe the NFL has an API that would make this possible.
I've seen questions like this get thrown around, but I don't think anyone's given a really good solid answer yet.
I think there's still a lot of people wondering if there's an easy way to $.get cross-domain HTML and parse it.
You're not allowed to do this because it can be used for XSS (cross site scripting) where scripts are accessed by scripts outside of the domain of the site, i.e. you can get cookie information or such this way.
You will have to do this server side. If you're using PHP you can use `$content = file_get_contents('http://nfl.com/stats/player');` or you can do it using curl if you wish.
Otherwise the legit way to do it is through an API, but as you've pointed out that isn't an option in your case.
I am trying to create a drag and drop interface for my website that integrates with Imgur. The problem is that I am trying to use ajax with cookies. I have gotten it to work without signing in, but I need the pictures to be under my account. In theory my code should work, but in practice for some reason the ajax requests/cookies aren't working. What am I doing wrong? Thanks :D
My code: http://jsfiddle.net/msm595/9arFd/
My username and password aren't in there (although I was testing with a dummy account anyway).
https://developer.mozilla.org/en/http_access_control#Requests_with_credentials
You are using cross domain plus credentials. Then the server has to respond with:
Access-Control-Allow-Origin: http://jsfiddle.net/msm595/9arFd/
and not with:
Access-Control-Allow-Origin:*
Wildcards are not allowed in this case.
You may want to test with Chrome, it shows both headers and gave me this message:
`XMLHttpRequest cannot load http://api.imgur.com/2/signin. Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.`
That's all I can say; imgur has to explicitly allow your JS solution. You may need a piece of code running on the server side, not having cross-domain issues.
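An added example, not from the thread: a simplified JavaScript model of the check a browser runs before exposing a cross-origin response to page script, including the wildcard-with-credentials rejection quoted above. `canReadResponse` and `originOf` are hypothetical helper names and the localhost URLs are constructed; the header value is compared with the page's origin (scheme, host and port, without a path).

```javascript
// An origin is scheme + host + port; the path is not part of it.
function originOf(url) {
  return new URL(url).origin;
}

// headers: response headers as an object with lower-case keys.
function canReadResponse(pageUrl, requestUrl, withCredentials, headers) {
  const pageOrigin = originOf(pageUrl);
  if (pageOrigin === originOf(requestUrl)) {
    return { allowed: true, reason: 'same origin' };
  }
  const allowOrigin = headers['access-control-allow-origin'];
  if (allowOrigin === undefined) {
    return { allowed: false, reason: 'no Access-Control-Allow-Origin' };
  }
  if (!withCredentials) {
    const ok = allowOrigin === '*' || allowOrigin === pageOrigin;
    return { allowed: ok, reason: ok ? 'origin allowed' : 'origin mismatch' };
  }
  // Credentialed request: the wildcard is rejected, and the server must
  // also send Access-Control-Allow-Credentials: true.
  if (allowOrigin === '*') {
    return { allowed: false, reason: 'wildcard with credentials' };
  }
  if (allowOrigin !== pageOrigin) {
    return { allowed: false, reason: 'origin mismatch' };
  }
  if (headers['access-control-allow-credentials'] !== 'true') {
    return { allowed: false, reason: 'credentials not allowed' };
  }
  return { allowed: true, reason: 'origin and credentials allowed' };
}

// Cases built from the URLs in the thread; header sets are constructed.
const page = 'http://jsfiddle.net/msm595/9arFd/';
const api = 'http://api.imgur.com/2/signin';
console.log(canReadResponse(page, api, true, { 'access-control-allow-origin': '*' }));
console.log(canReadResponse(page, api, true, {
  'access-control-allow-origin': 'http://jsfiddle.net',
  'access-control-allow-credentials': 'true',
}));
// Same host, different port is still a different origin (constructed URLs).
console.log(canReadResponse('http://localhost:8080/app', 'http://localhost:80/data', false, {}));
```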
I have a piece of JavaScript executing on a Jetty server which is sending an XMLHttpRequest to a socket on another server (WAMP server).
The request gets sent to the socket, however the XHR response seems to be getting blocked.
My only thought on this is that it may be an issue with XSS (cross site scripting).
Is there a way in which I could enable cross site scripting for this particular request, or is there something else I should be doing?
Any help would be greatly appreciated!
That sounds about right. Browser cross-domain policy blocks XHR requests to other domains. Try using the JSONP technique in order to circumvent this.
It may seem odd that cross-domain policy can be so easily circumvented, but that's because when a server exposes a JSONP interface, it is clearly a mutual agreement.
Good luck!
Take a look here; this lets you expose an ajax endpoint across the domain boundary without the use of JSONP - it's plain XHR with a little bit of cross-domain messaging on top.
For the exact example of cross domain ajax, see this http://consumer.easyxdm.net/current/example/xhr.html
By the way, this is what the Russian version of Facebook (vkontakte, 75+mill users) uses for its API.
You cannot make XMLHttpRequests to other servers. You have 2 options:
1. Proxy everything through the server that serves the JavaScript.
2. Use a <script> tag to pull data off the other server using dynamically generated JS on that server.
Thanks guys for your responses, but I actually found that the issue was with the same origin policy, as I am running both servers from the same host but with different port numbers.
JSONP seems like it may solve the problem, but I am going to try to just use the one server now for completeness.
The following article explains my problem under the background heading and in column four of the table.
http://taossa.com/index.php/2007/02/08/same-origin-policy/