I am writing a project thesis and have stumbled on an issue which might set my entire project in doubt. So I just want to triple-confirm before I take any further actions.
I have a javascript file on URL1. The javascript code, for simplicity, retrieves information from URL2.
No matter how much I tried this wouldn't work so I did a Google search and figured out that the same-origin policy might be the reason.
So I ask you again, is this impossible?
this is totally possible, but there are some restrictions to it;
You can access information of URL2 from URL1, if URL2 provides a JSONP way. You'd generate a script tag that loads a js file (url2/information?id=123&callback=mycallback) in which the JSON is put into the specified function (in this case mycallback). The script on URL2 would look like this;
mycallback({"json":"information"});
Thus, URL1 needs a mycallback function defined and will get the information from URL2
A different approach would be to utilize XMLHttpRequest Level2 which can go cross-domain.
Another would be to communicate over onmessage/postmessage and have URL2 iframed within the page of URL1. This goes Cross-Origin as well.
There are other technics to make a hole in the same origin policy, like Hashs (but are very limited in comparison to the above technics)
Related
everyone. I am making a website with t-shirts. I dynamically generate preview cards for products using a JSON file but I also need to generate content for an HTML file when clicking on the card. So, when I click on it, a new HTML page opens like product.html?product_id=id. I do not understand how to check for id or this part ?prodcut_id=id, and based on id it generates content for the page. Can anyone please link some guides or good solutions, I don't understand anything :(.
It sounds like you want the user's browser to ask the server to load a particular page based on the value of a variable called product_id.
The way a browser talks to a server is an HTTP Request, about which you can learn all the basics on javascipt.info and/or MDN.
The ?product_id=id is called the 'query' part of the URL, about which you can learn more on MDN and Wikipedia.
A request that gets a page with this kind of URL from the server is usually a GET request, which is simpler and requires less security than the more common and versatile POST request type.
You may notice some of the resources talking about AJAX requests (which are used to update part of the current page without reloading the whole thing), but you won't need to worry about this since you're just trying to have the browser navigate to a new page.
Your server needs to have some code to handle any such requests, basically saying:
"If anybody sends an HTTP GET request here, look at the value of the product_id variable and compare it to my available HTML files. If there's a match, send a response with the matching file, and if there's no match, send a page that says 'Error 404'."
That's the quick overview anyway. The resources will tell you much more about the details.
There are some solutions, how you can get the parameters from the url:
Get ID from URL with jQuery
It would also makes sense to understand what is a REST Api and how to build a own one, because i think you dont have a backend at the moment.
Here some refs:
https://www.conceptatech.com/blog/difference-front-end-back-end-development
https://www.tutorialspoint.com/nodejs/nodejs_restful_api.htm
You would think my problem would be so commonplace that there would be solutions all over the internet for it. But I can't find anything that really answers my question.
Let me summarise my situation:
I am using Open UI5.
I am coding an app which retrieves documents from various external websites. I want to display these documents inside my app, and not navigate to them, so I display the documents in an iframe. Haven't found any other way.
Some filetypes can be displayed natively, such as PDFs. Others, like Word, cannot - the easiest way I have found of displaying these is by using Google Docs, which implies changing the URL of the iframe's src from this :
http://example.com/my-target-doc.docx
to this:
http://docs.google.com/gview?url=example.com/my-target-doc.docx&embedded=true
Some of the external domains I retrieve the documents from require authentication. Therefore, I cannot set the iframe's src to http://docs.google.com/gview?url=example.com/my-target-doc.docx&embedded=true directly - Google docs would attempt to display the authentication page. I must keep the original URL, and then, once the user's authenticated, replace the document URL with the Google docs version of the same URL.
What I am trying to do, then, is use the iframe's "onload" event to get the currently loaded page's address and, if it is a .doc/.docx/.ppt etc, replace that same URL with the GD version of the URL.
The difficulty is that there is no extension at the end of the URL which points to the document - none of the URLs I need to use end with ".doc", ".ppt" or whatever, so parsing the URL is out.
So this is my question : Is there a way in Javascript to get the type of the content being returned? To be fair, I am pretty doubtful there is. Other ideas or alternatives are welcome. I am still actively looking for some.
Thanks!
Did you already look at the Content-type HTTP header? This can be read with JS, but you probably have to request the file asynchronously for that.
I am doing a jquery.ajax() call on one of our pages to fetch a small text file. I see some of the requests (not all) fail with resp.statusText: "No Transport" and resp.status : 0
What does the error mean (No Transport with a resp code of 0). Strangely it works on some browsers, and doesn't work on some. I couldn't find a patter by looking at the user agents of browsers, where it failed.
Any help would be highly appreciated. I am a beginner to javascript and jquery library, let me know if I omitted crucial information.
My use case:
abc.mydomain.com contains jquery.ajax(url:xyz.mydomain.com) call
Most likely it prevents you from firing a request because it things you are trying to access another domain. xyz.mydomain.com !== mydomain.com.
Why that is not allowed?
Read
Use a Web Proxy for Cross-Domain XMLHttpRequest Calls
Why the cross-domain Ajax is a security concern?
An example to why this is a security issue, assume you installed a bad plugin to your browser. If that plugin got the permission, it can read all loaded files to your browser and be able to edit/change/inject content and codes. Then it might send all collected data to designer own server.
... The most common business needs that are easily accomplished with browser plug-ins are: modify default search, add side frames, inject new content into existing webpage ...more
A good practice is to fetch the data thru ajax via JSON, if you are trying to access another site beside the one the script is calling from, then use JSON-P.
Read
JSON-P
JSON-P call to subdomain
Chrome ajax call to subdomain
A common architecture is to call the current domain that the script is loaded from, then use server script to fetch data from the other domain where the other domain will response to the request and return the data.
A code snippets of your function will help us understand your issue more.
Is it possible to find the attributes of certain elements on one website and display them on another website? For example, if I have website 1, can I use Javascript/jQuery to find out the size of a specific image or div on website 2 and display those attributes on website 1?
If I can't do something like that with Javascript, is there an alternative way of going about accomplishing that specific example?
1. What you are trying to do can't be done using any AJAX library. Browsers' cross-domain policy won't allow you to do this.
But you can do this with a combination of php (or any other server-side language) and AJAX. Create a php script like this:
<?php
$url=$_POST['url'];
if($url!="")
echo file_get_contents($url);
?>
Let us say the script's name is fetch.php.
Now you can throw an AJAX call from your jQuery code to this fetch.php and it will fetch the HTML code for you.
2. The same origin applies. try this code and you'll face security error,
$.get("other web page site", {}, function(content){
$("#receipe").html(content)
}, "html")
3. Using Greasemonkey, it is possible to make third-party requests. A jQuery-oriented tutorial is offered on this page. The short answer it to have Greasemonkey make the request on your behalf. Replace all your XMLHttpRequest objects with GM_xmlhttpRequest objects.
Useful links,
Can Javascript read the source of any web page?
http://www.sitepoint.com/forums/showthread.php?836704-How-to-get-contents-of-3rd-party-website-into-javascript-variable
Sadly because of same origin policy you can't access the DOM on a different domain. If you control both domains you maybe able to use CORS and modify the server HTTP headers to allow Javascript access.
The workaround to this is to use a server to act as a proxy between the two websites. So you would have a server side script on website 1 that would send a request to website 2 and return the content from website 1.
I want to get a short string hosted on a server where I do not have access to the data as XML, JSON, etc. I am trying to use either .load or .ajax to do this. I want to be able to parse the data into a javascipt array. The entire contents of the remote page is text and I am happy to take all of it and remove what I do not need via a small javascript. I have tried:
<script>
$(document).ready(function(){
$("button").click(function(){
$.ajax({url:"http://url:8888/data", success:function(result){
$("div").html(result);
}});
});});
</script>
I have two questions.
1- why does this not work?
2- What would be the best way to store the string in a javascript var?
I am sure JQuery is working correctly.
The answer would be to long to post here (really). But look those up:
Same Origin Policy
Padded JSON
If you have no control over the remote site, you have lost - you will not get any data from it by Ajax (which is actually a feature, not a limitation of the technology). One way of circumventing the protection would be to build a proxy that just mirrors the remote service you need to reach and makes it available in the same domain that your main HTML came from.