I am trying to implement a simple request to Wikipedia's API using AJAX (XMLHttpRequest). If I type the url in the address bar of Firefox, I get a neat XML, no sweat there. Yet, calling the exact same url with:
// this is my XMLHttpRequest object
httpObjectMain.open("GET", "http://en.wikipedia.org/w/api.php?action=query&format=xml&prop=langlinks&lllimit=500&titles=kaas", true);
httpObjectMain.send(null);
returns an empty response. According to FireBug, I get a 200 OK response, but the content is just empty.
I suspect I might be missing something on the header of the GET http request.
Help! (and thanks!)
The Wikipedia API does support JSONP.
Your query string'll become something like this:
http://en.wikipedia.org/w/api.php?action=query&format=json&callback=test&prop=langlinks&lllimit=500&titles=kaas
But you'll have to build the jsonp handler (or you can use your favorite library to do it), switch to json output format from the xml you choose and create the callback function to parse the result and do the stuff you need on the page.
The browser will not allow you to send an XHR to another domain other than the one the page is on. This is for security purposes.
One way around this that I have seen is to setup a proxy on the domain the page is hosted on that will pass requests through to the actual api server. See http://ajaxpatterns.org/Cross-Domain_Proxy
Related
Could someone explain how I can access Wolfram's API data? I'm not worried about formatting for now--I would just like to learn the basics of interacting with the API.
The Wolfram website FAQ says this: "The Wolfram|Alpha API is designed to operate with interactive web technologies such as AJAX, Flash, and Silverlight."
And the documentation, which is located here: http://products.wolframalpha.com/api/documentation.html, says this: "A simple API call to retrieve output for the query "pi" would look like this:
http://api.wolframalpha.com/v2/query?input=pi&appid=XXXX
This query did not specify a desired output format, and the default is to retrieve the plaintext and image representations of each subpod. The image is returned as an <img> tag suitable for direct inclusion in a web page. Here is the output:"
I just have no idea how to put this together to actually access the Wolfram API data. Do I use AJAX or something else? What is the basic code for accessing the data?
I'm very new at this, so any help would be greatly appreciated. Thanks a lot!!
To use XMLHttpRequest their server must enable credentials by setting the Access-Control-Allow-Credentials response header to “true”
https://en.wikipedia.org/wiki/Cross-origin_resource_sharing
By AJAX I think they mean your server code should make the request.
In the next example they use Java Server Pages on their own domain to make the request:
https://reference.wolfram.com/webMathematica/tutorial/ApplicationsAJAX.html
Check other answers:
Wolfram API javascript cross origin sharing issue
If you use JQuery, a common javasSript framework, you can make an ajax request as follows
var requestData = function() {
$.ajax({
url: "http://api.wolframalpha.com/v2/query?input=pi&appid=XXXX",
}).done(function(data) {
//data should contain the response from wolframalpha
});
I am doing a jquery.ajax() call on one of our pages to fetch a small text file. I see some of the requests (not all) fail with resp.statusText: "No Transport" and resp.status : 0
What does the error mean (No Transport with a resp code of 0). Strangely it works on some browsers, and doesn't work on some. I couldn't find a patter by looking at the user agents of browsers, where it failed.
Any help would be highly appreciated. I am a beginner to javascript and jquery library, let me know if I omitted crucial information.
My use case:
abc.mydomain.com contains jquery.ajax(url:xyz.mydomain.com) call
Most likely it prevents you from firing a request because it things you are trying to access another domain. xyz.mydomain.com !== mydomain.com.
Why that is not allowed?
Read
Use a Web Proxy for Cross-Domain XMLHttpRequest Calls
Why the cross-domain Ajax is a security concern?
An example to why this is a security issue, assume you installed a bad plugin to your browser. If that plugin got the permission, it can read all loaded files to your browser and be able to edit/change/inject content and codes. Then it might send all collected data to designer own server.
... The most common business needs that are easily accomplished with browser plug-ins are: modify default search, add side frames, inject new content into existing webpage ...more
A good practice is to fetch the data thru ajax via JSON, if you are trying to access another site beside the one the script is calling from, then use JSON-P.
Read
JSON-P
JSON-P call to subdomain
Chrome ajax call to subdomain
A common architecture is to call the current domain that the script is loaded from, then use server script to fetch data from the other domain where the other domain will response to the request and return the data.
A code snippets of your function will help us understand your issue more.
I am developing an application that needs to gather information from GitHub, so I began looking at their API. My initial thought was to use the d3.json() function to get the data (because it's simple and has done good things for me in the past), but there doesn't appear to be a way for me to authenticate with that function. For example, $ curl -u "username" https://api.github.com is given as an example of basic authentication (from GitHub API--obviously they use curl for their examples).
So, is there a way to do authentication with the d3.json() function? And if not, what are my other options to get the JSON with JavaScript?
Thanks!
Edit:
I'm experimenting now with using jQuery's getJSON method as shown here, because I started getting the error "XMLHttpRequest cannot load url Origin url is not allowed by Access-Control-Allow-Origin." Of course, the switch doesn't help with the ability to authenticate, but I can at least get the public data (which is most).
Edit #2:
Has anyone experimented with michael/github or fitzgen/github-api? I'm going to start looking into those.
If you have a PHP script which echos JSON, you can do all authentication server-side. Note that you can also send a GET request to your PHP script, so the way you call your script can be dynamic.
I want to post some data via javascript to another domain. Something like:
http://www.othersite.com/submitfunnyname?name=blah
The other site (othersite.com) has a REST interface that you can call (well actually this is a get example) to submit a funny name to them.
Can I do this already with javascript? I'm a little confused on this - I know if that service wants to return some data, I'd need to use something like JSON-P - even though here I'm submitting some data, I guess the service will return some message structure letting me know the result, so it would have to be JSON-P, right?
Thanks
Not a particular expert in JavaScript, but isn't this an example of "cross-site scripting", which is not allowed due to possible security threats?
I believe you need to have all HTTP calls being made to the same server domain as the page. You could have a handler on your own site pass the information on to the othersite.com.
You can either use JSON-P if the site supports it, or you can use your web server as a proxy - by making requests to your server, which will in turn use a library such as cURL to make the actual request to the remote site.
How do you get around this Ajax cross site scripting problem on FireFox 3?
If you're using jQuery it has a callback function to overcome this:
http://docs.jquery.com/Ajax/jQuery.ajax#options
As of jQuery 1.2, you can load JSON
data located on another domain if you
specify a JSONP callback, which can be
done like so: "myurl?callback=?".
jQuery automatically replaces the ?
with the correct method name to call,
calling your specified callback. Or,
if you set the dataType to "jsonp" a
callback will be automatically added
to your Ajax request.
Alternatively you could make your ajax request to a server-side script which does the cross-domain call for you, then passes the data back to your script
To update the answer (I guess, mostly for my benefit when I come looking for this answer later on), if are loading XML or something else, you can always ask the user if he will allow us to read from another site with this code:
try {
if (netscape.security.PrivilegeManager.enablePrivilege)
netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead");
} catch (e) {
alert("Sorry, browser security settings won't let this program run.");
return;
}
(from the RESTful web services book) But, this only works in firefox, when the html file is loaded from local file. So, not that useful.
One more solution: if all you need is the headers, you can specify "HEAD" as the method and it won't trigger the security issue. For instance, if you just want to know if the web page exists.
var client = new XMLHttpRequest();
client.open("HEAD", my_url, false);
client.send(null);
if(client.readyState != 4 || client.status != 200) //if we failed
alert("can't open web page");
Some more details would be nice: which AJAX library are you using, what would you like to achive, how you do it.
For example it can be a cross-domain Ajax request, which is not allowed. In this case use JSON.
I came across this problem recently and it was while I as AJAX loading the local request, not cross site scripting problem. Also, Jimmy himself seems to have the same problem. This seems to be the FF security problem, this article describes the cause and the solution to access to restricted uri denied" code: "1012 problem.
Sorry, got that error using JQuery
$.ajax on FireFox 3. Tried jsonp
suggestion but I think that will only
work with something that will serve up
json. I'm trying to create a sample
local html file based mashup that will
pull data from Yahoo!Finance, but they
are serving .csv, so I think I'm SOL.
– Jimmy Chandra (Sep 9 at 17:20)
I hope you'll find it useful.