i need to consume a web api, which is located here
http://46.253.202.174:8080/ws-api/v1/rest/zdata/codesByJurAndUsage?jur=Boston,%20MA&usg=barber
I don't have any details of how it is implemented or access to the code of the API, I'm just trying to consuming the API, I can see the JSON return data if i type the url in the browser, but when i'm trying to call the API using $.getJSON, it gave me an access denied error. I understand that its a cross domain issue. I also tried a few other things, like jsonp data type, with no success. My question is, if i am able to see the results in a browser, shouldn't i be able to get the results from the scripts, or its no necessarily true?
Secondly, is there any other way, if the things i have tried so far was not successful.
thanks
You are correct, you won't be able to load this data via $.getJSON due to the Same Origin Policy restrictions. You'll need to load it via JSONP, or, if the service doesn't support JSONP (which it looks like it doesn't), via a proxy. A couple of options:
You can set up a proxy on your own server via PHP or another server-side language. This will allow you to request the data from your own server, getting around the same-origin restriction. You might look at a project like Simple PHP Proxy for this purpose.
You can use YQL as a proxy - this sends the data through Yahoo!'s servers and then you can load it via JSONP. Applying this technique with jQuery is discussed in this article.
Related
I want to make a request for a JSON object to a server, that I dont have access to. So I have to work with the JSON object I receive.
Since cross domain requests are not that easy (as I read) I would like to know if they are also working if you cannot modify the way the server responds.
What I read is, that JSONP is for cross platform, but you have to modify in some way the server-side response.
If the webservice doesn't support JSONP, then you can't do it in javascript on the browser side. It is because of a security on the browsers. This security doesn't exist on your server, though.
You'll have to use a proxy, calling the webservice on your server (PHP or w/e).
For example:
The javascript on your browser calls your server on the same domain.
Your server on the same domain calls the webservice that doesn't support JSONP.
Your server sends the JSON answer back to javascript on your browser.
You know the standard JavaScript include in HTML?
<script src="http://example.com/script.js"></script>
How can I post data to that src? Using AJAX or jQuery is probably not an option, unless you can get it to work cross-domain.
You can't post data and retrieve the content cross domain. It's a security issue.
You probably already realize this, but you can do GET requests by appending it to the url:
<script src="http://example.com/script.js?key=value&key2=value"></script>
You could also use a proxy to retrieve cross domain requests from a site. This project looks promising: https://github.com/jamespadolsey/jQuery-Plugins/tree/master/cross-domain-ajax/
But it appears to also only support GET requests through yahoo's server.
The only viable option is create a php(other other sever languages) proxy that you could filter through. It wouldn't be to difficult using php's curl API. There are equivalents in other server scripting languages.
I'm building an API and want Ajax to be able to interact with it. The API needs to allow inserting, updating, and deletion of data. Is it a good idea to allow any of these operations via GET?
For example: http://api.domain.com/insert_person/?name=joe
My original plan way to use GET for my "getting" methods (basically, just a simple DB query) and POST for add, edit, and delete. Problem is JS same-origin policy which would make it hard for Ajax to interact with my API. There is a jQuery workaround for GET (via JSONP).
Suggestions?
In a word: NO
GET should always be used only for retrieving information and should never have side effects, ever.
This is a best practice across just about every web api out there and has to do with both the intent of the verb as well as how existing software expects things to behave.
If you're trying to get around the same origin policy, GET via JSONP is the only possible front-end solution. If you've got control of the back end you can setup a proxy service that is on the same domain as the page, but relays to and from the API service.
If you're going to go down the JSONP GET path, make sure you read up on XSS and CSRF.
Add another layer of to handle your code and interact with your database (different domain).
You would still use POST and you can make a request to your db in the server side, using what ever language your are working with, example php will use curl.(to make request to a different domain)
If you allow to interact with your db using get, then anyone can simply type the url with the commands they want, so yes avoid it .
As others have pointed out, GET should not be used for actions with side effects like inserting, updating and deleting.
To allow cross-origin use of your API, look into Cross-Origin Resource Sharing, although it's currently only partially supported by browsers.
I want to get the data from http://whatismyip.com/automation/n09230945.asp using JavaScript. How can I do this?
I can get the data from ASP.NET by using WebClient class but how can we get data using JavaScript?
You will need to use AJAX. However, unless the service provides a JSONP interface, AJAX is limited to getting pages from the same domain as the page it runs on. See: Same origin policy.
The way to get around the same origin policy is to write a script in ASP on your own server that gets the data, and then get that script through AJAX in your page.
Use YQL - http://developer.yahoo.com/yql/guide/yql-code-examples.html#yql_html_scraper
It essentially acts as a proxy to grab page data for you through their service. You can interact with it solely with JavaScript.
I need to use AJAX to get the content of another page located on a different server from the one the AJAX is loaded from. The AJAX needs to send a POST request then return the result. how can i do this?
Set up proxy on your own server. Have your server call theirs and return the result.
if you control both servers, you can use one of the HTTP header fields for cross-origin resource sharing:
http://www.petefreitag.com/item/703.cfm
https://developer.mozilla.org/En/HTTP_access_control
There is no way to go around that policy. This policy is there for very good reasons.
That is also no problem as long as you're in control over the web application. You could simply redirect the call to the other server from your webserver and pass the result. This would work out like a proxy.
If you want to do that on the client and cross browser, you need some cooperation from the other server.
Either by:
1) using JSONP (inject a script tag with a callback function)
Only GET calls are possible though.
Security is an issue as the script has access to all resources in that page(data, cookies, ...).Here's a post that explain how to sandbox them and keep the data in your page safe.
2) POST looks possible using Kris Zip's window.name technique
If the cooperation from the other server is impossible, the server proxy as described in other answers is, to my knowledge, the only option left.