I want to create a very primitive mixpanel/kissmetrics/analytics clone.
Therefor I need to send data to a remote website for the purpose of logging it. It should send simple parameters like, foo=bar, foo2=bar2
How can I send data with javascript without being caught to cross domain policy?
Can you provide an example code?
Javascript can send arbitrary HTTP requests to any domain you like; you just cannot read the response.
To send a GET request, create an <img> element and set its src.
To send a POST request, create a hidden <form> that submits to a hidden <iframe>, then submit it.
Related
I would like to send data using the POST method, have the body be a JSON object rather than a set of key-value pairs, and on success navigate to the response.
If I just wanted to send data with POST and navigate to the response, I would use a form. If I just wanted to send a JSON with POST, I could use AJAX. But is there any way to fit both criteria?
Not really. The closest options you are have are to use Ajax and then:
Use history.pushState to change the URL and replace the entire DOM with the response.
Have the server store the result somewhere and then return a URL in the response that the JavaScript could then assign to location.href. The URL would have a token that the browser could use to get the stored response.
I don't think there's any way to literally do what you've described.
If you're posting to a URL in the same origin (or CORS is enabled), you could do the post via XMLHttpRequest, use history.pushState to change the browser's URL to the target, and update the page's DOM with the response from the post.
But the only way to literally do what you describe is with a form, and forms can't currently send JSON.
I have a cms, where am using laravel as web api, angularjs for requests.
I have an iframe where I call to services with a direct link and put it usig trusted src function.
The main problem is, I can not use a normal http post request and hide parameters, because using http request will return data, not file, and the report api returns in headers, an html file, pdf ... etc) so when i get result to the success of my http request, it won't download pdf file, it will show special chars
in the i frame am calling the api like this :
"localhost/api/getreportService/"+$scope.brandid+"&"+$scope.customerid"
but that's cannot be secure, is there any way to hide the request here from users?
ok, I found a solution, I called the api via http post request then I used $sce tustAsHtml for the response, with a ng-bind-html in my template and the result is good now, the report is showing in the div,
Now all is safe, the user needs a token to access the report, and that's impossible without a login.
I need to access a page on another domain, which returns as response a JSON array:
[{"name":"value","x":"y"},{"name":"value","x":"y"}]
Due to the cross-origin rule, I can't get this data through an XMLHttpRequest. Apparently I have to use a JSONP-like procedure:
Add script element to the page's body, with the src attribute poiting to the page
The browser does the HTTP request and gets the data
I can not edit the remote page/the response. The remote page is not meant to be accessed that way (so I can't use a JSONP callback parameter).
The remote page also requires the use of a specific cookie.
How can I access the data that has been just retrieved?
That's exactly the case the same origin policy exists for. Any possible solution would mean a security hole. If the data server unable to wrap it in your callback function, you have to proxy this through your own server-side app.
I need to send data to a remote server using javascript. How do I do this?
Background info:
There's a webpage from which I extract some information using JS, and I need to send it back to another server for processing. Response is not neccesary. The data is XML, Which I've URLencode'd.
How would one do this?
EDIT
The server I'm requesting the data from is not the same that receives the data. Just to clarify.
One of the most common ways to do this is AJAX. Here's how you perform an AJAX post request using jQuery:
<script type="text/javascript">
$.post('/remote-url', {xml: yourXMLString });
</script>
On the server side you process it like any other POST request. If you're using PHP it's $xml = $_POST['xml'];
The biggest limitation of AJAX is that you're only allowed to make requests to the same domain the document has been loaded from (aka cross-domain policy). There are various ways to overcome this limitation, one of the easiest one is JSONP.
UPD. For cross-domain requests an extremely simple (though not universal) solution would be:
(new Image).src = 'http://example.com/save-xml?xml=' + escape(yourXMLString)
This will issue a GET request (which cannot exceed 2KB in Internet Explorer). If you absolutely need a POST request or support for larger request bodies you can either use an intermediate server-side script on your domain or you can post a dynamically created html form to iframe.
submit a form using POST. That is working on all browsers cross domains. Have the server process the post. the form can be submitted to a hidden frame if you want to simulate AJAX
Use Cross Domain Resource Sharing (MDC) (IE XDR)
use a web bug (create an image, set the source to the url you want - smallish GET requests only)
var img = new Image();
img.src="http://www.otherserver.com/getxml?xml="+encodeURIComponent(yourXML);
(Oops, I see Lebedev did more or less the same in his update)
use a proxy, i.e. have your server talk to the other server for you
Look into Javascript's XMLHTTPRequest method -- or start with a Google search for AJAX. There's lots of ways to do this -- including some very easy ways through JS libraries like jQuery -- but a more specific answer would require some more specifics on the specific technologies you're using.
EDIT: You can set up the AJAX request to post to a server-side script (acting as a proxy) on your own domain, and have that script turn around and post the data to your remote server.
Is it possible to load for example google.com to a javascript variable?
var html = "the html of google.com"
Is this possible?
Update:
What about in an air application?
Not unless you send the source from the server.
From javascript, it will violate the Same Origin Policy. You can send the request, and you'll get a response, but the response will be empty.
If it's a page in the same domain you're in, then yes. Otherwise, not without some special URL provided by the target domain that sends you pages based on some form of special request.
You can always have your own server fetch the page and forward it to your client.