Avoid x-domain solutions - javascript

I'm currently working on a web application that customers can add to their webpages by adding a javascript link to a js file on my server. The application read all the javascriptfiles from my sever, but I still get an error when trying to use ajax to get data from my database. I didn't think that would be a problem because the files is on my server.
Can I fix this or do I have to make a cross-browser solution? I don't have any control over the costumers server.
Thanks in advance
Mikael

This is not possible: When you execute a remote script, it runs in the context of the containing document.
There are some popular workarounds for this:
Using an iframe, which fixes the cross-domain problem but doesn't integrate well with the remote site (e.g. no custom styling)
Using JSONP to make cross-domain Ajax requests (detailed explanation here)
Using a server-side proxy script (not an option in this scenario)
Using YQL (I'm not familiar with this but it's said to work)

The same origin policy is based on the host document not the script itself.
You need to use a cross domain ajax technique.

Related

Cross Domain HTML Get Request

Im using Coda, and Im trying to write a program to use Javascript/Jquery to load nfl's html on their stats page (http://www.nfl.com/stats/player), and then remove all of the excess html. Resulting several lists of players and their stat's.
I've tried using `$('#container').load('http://www.nfl.com/stats/player').
This works fine in Coda, but I can't parse the html the way I want to.
In google chrome I get the error
XMLHttpRequest cannot load http://www.nfl.com/stats/player. Origin null is not
allowed by Access-Control-Allow-Origin.
From what I understand this is a security feature built into all browsers. Is there a workaround to this issue? Can I use a different type of request?
I understand that i should be using JSONP for this type of request, but I dont believe the nfl has an API that would make this possible.
I've seen questions like this get thrown around, but I don't think anyone's given a really good solid answer yet.
I think theres still a lot of people wondering if theres an easy way to $.get cross-domain HTML and parse it.
You're not allowed to do this because it can be used for XSS (cross site scripting) where scripts are accessed by scripts outside of the domain of the site. i.e. you can get cookie information or such this way.
You will have to do this server side. If you're using php you can use $content = file_get_contents('http://nfl.com/stats/player'); or you can do it using curl if you wish.
Otherwise the legit way to do it is through an API, but as you've pointed out that isn't an option in your case.

POST data to JavaScript include

You know the standard JavaScript include in HTML?
<script src="http://example.com/script.js"></script>
How can I post data to that src? Using AJAX or jQuery is probably not an option, unless you can get it to work cross-domain.
You can't post data and retrieve the content cross domain. It's a security issue.
You probably already realize this, but you can do GET requests by appending it to the url:
<script src="http://example.com/script.js?key=value&key2=value"></script>
You could also use a proxy to retrieve cross domain requests from a site. This project looks promising: https://github.com/jamespadolsey/jQuery-Plugins/tree/master/cross-domain-ajax/
But it appears to also only support GET requests through yahoo's server.
The only viable option is create a php(other other sever languages) proxy that you could filter through. It wouldn't be to difficult using php's curl API. There are equivalents in other server scripting languages.

How to make cross domain request using ajax or javascript?

I have some Pre built script that makes some ajax request to one website. And it's working fine. But I am not able to make request to there some domains.
My working Process:-
1) I have pre built script on http://www.Test.com/a.js now i am calling this js in this domain http://www.test1.com by pasting the code to URL and it's working fine.
2) Now When I want to call one page from This http://hello.test1.com/as.php but it's showing some errors. How could i make request to subdomain page from main domain page.
Please let me know how can i do this.
Thanks in advance.
Your various options for cross-domain requests are:
The new Cross-Origin Resource Sharing (CORS) standard, if the browsers your users use support it and the server has support for it. Note that a lot of general web users still have browsers that don't support it.
JSON-P ("JSON with padding"), which is basically a dynamically-added script element
Using YQL (Yahoo Query Language) as a cross-domain proxy
There are several work arounds for cross domain scripting restrictions. easyXDM seems to do what you want.
You can use php curl to do the cross domain request using ajax. An ajax request will call php curl page which in turn will call cross domain with url specified in php curl page and return back the response .
I have implemented same and it works fine. Hope this helps Thanks.

Accessing DOM element of a webpage without opening it

I have started working on JavaScript. I want to count the number of frames/anchors on yahoo homepage without opening it(means I don't want to load the page in another window or frame). I didn't find a proper solution for this without using AJAX.Can't we create a document object referring to remote page?
As I am using JavaScript without any framework, can someone guide me how to do this?
You have very few options if you're working on the client side only. This is primarily because you'll be dealing with the dreaded, but necessary, cross-domain policy. However, even if you don't have cross scripting issues, it won't be possible to accomplish this without AJAX. You'll need to make a request to a server for the page's HTML somehow. I would suggest taking a look at YQL as it appears to solve the cross-domain issue.
You'll have to execute an HTTP request to get the HTML string to feed into a DOM object. AJAX is the easiest way to do that, why do you want to avoid AJAX?
In plain old Java you can create a DocumentBuilder and source a document with a URL, but I don't believe this is available in javascript.

How can i get around the same origin policy?

I need to use AJAX to get the content of another page located on a different server from the one the AJAX is loaded from. The AJAX needs to send a POST request then return the result. how can i do this?
Set up proxy on your own server. Have your server call theirs and return the result.
if you control both servers, you can use one of the HTTP header fields for cross-origin resource sharing:
http://www.petefreitag.com/item/703.cfm
https://developer.mozilla.org/En/HTTP_access_control
There is no way to go around that policy. This policy is there for very good reasons.
That is also no problem as long as you're in control over the web application. You could simply redirect the call to the other server from your webserver and pass the result. This would work out like a proxy.
If you want to do that on the client and cross browser, you need some cooperation from the other server.
Either by:
1) using JSONP (inject a script tag with a callback function)
Only GET calls are possible though.
Security is an issue as the script has access to all resources in that page(data, cookies, ...).Here's a post that explain how to sandbox them and keep the data in your page safe.
2) POST looks possible using Kris Zip's window.name technique
If the cooperation from the other server is impossible, the server proxy as described in other answers is, to my knowledge, the only option left.

Categories