Cross-domain AJAX With ActiveXObject on IE - javascript

Using the ActiveXObject object on IE. How can I submit a cross-domain request?

Set up a server-side proxy to make the request for you. Then invoke the proxy (locally) using AJAX.

I would really recommend using a JavaScript framework when dealing with ajax requests. That way you don't have to get into the intricacies of each browser. My personal favorite is jQuery: http://www.jquery.com/
Now, when it comes to cross-domain, you have two situations:
- Data is only available as XML => use a server-side proxy: http://ajaxpatterns.org/archive/Cross-Domain_Proxy.php
- Data can be retrieved as JSON using JSONP: http://www.ibm.com/developerworks/library/wa-aj-jsonp1/
Whenever possible, when it comes to a web browser, I'd recommend JSONP for its simplicity. However, things can get tricky in case of error so, again for jQuery, I'd recommend the following plugin: http://code.google.com/p/jquery-jsonp/

Related

JSONP and Backbone.js

I would like to use Backbone.js with a REST api I control. I was hoping to have the REST api and the Backbone scripts live on a different domain but unfortunately this will be blocked, as it is a cross domain request.
Does Backbone.js have any built-in functionality to support JSONP requests? Or, alternatively, does anyone have any experience with manually adding JSONP support to the Backbone.js sync system?
JSONP support for GET operations can be added via fetch's options.
In the same hash where you configure your success and error handlers, add an object like so:
{dataType: "jsonp"}
This will pass along the jsonp option to jQuery's ajax handler, and automagically, you'll have JSONP support for retrieving models / collections.
You will not be able to use your entire REST API with JSONP. You can only call GET requests with JSONP (it works by writing a new <script> tag on the current document, then calling a javascript callback...).
To use all HTTP verbs (POST, DELETE, PUT), you can use the CORS protocol: http://www.w3.org/TR/access-control/.
CORS is a protocol negotiated between a browser and a web-service that tells the browser that it is “OK” to execute Javascript code from a cross-domain call.
To use this, you just need to include some custom headers in your server response that tell the browser that it's ok to accept cross domain requests. Here's a blog post that explains how to implement it with RubyOnRails (but it should be quite similar with other frameworks...): http://www.tsheffler.com/blog/?p=428
It's the simplest solution, you can use backbone.js as if you were on the same domain, and it works with most current browsers (Internet Explorer 8+, Firefox 3.5+, Safari 4+, and Chrome)!
If you need older browser support, I did manage to make backbone work using easyXDM:
easyXDM is a Javascript library that enables you as a developer to easily work around the limitation set in place by the Same Origin Policy, in turn making it easy to communicate and expose javascript API's across domain boundaries.
It's a little more complicated, and works with some well-known iframe hacks (that are sometimes used in javascript widgets like GMaps, facebook widgets, ...).
Hope this helps!
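The "custom headers" the CORS answer above refers to, sketched as an added example (not code from the original post or the linked blog): a Node-style handler that returns CORS headers only to an exact-match list of origins and answers preflights for PUT/DELETE. The origin value and the names ALLOWED_ORIGINS, corsHeaders, handle and start are assumptions made for the illustration.

```javascript
// Added example: CORS headers with an exact-match origin allow-list.
// ALLOWED_ORIGINS, corsHeaders, handle and start are illustrative names.
const ALLOWED_ORIGINS = new Set(['https://app.example.com']); // constructed value
const ALLOWED_METHODS = ['GET', 'POST', 'PUT', 'DELETE'];

// Headers for a trusted origin, or null if the origin (or preflighted method) is not allowed.
function corsHeaders(origin, preflightMethod) {
  if (!ALLOWED_ORIGINS.has(origin)) return null; // exact match: no wildcard, no suffix test
  const headers = { 'Access-Control-Allow-Origin': origin, 'Vary': 'Origin' };
  if (preflightMethod !== undefined) {
    if (!ALLOWED_METHODS.includes(preflightMethod)) return null;
    headers['Access-Control-Allow-Methods'] = ALLOWED_METHODS.join(', ');
    headers['Access-Control-Allow-Headers'] = 'Content-Type';
  }
  return headers;
}

// Node-style (req, res) handler for an API that lives on its own domain.
function handle(req, res) {
  const origin = req.headers.origin;
  const preflightMethod = req.method === 'OPTIONS'
    ? req.headers['access-control-request-method'] : undefined;
  // Requests without an Origin header (non-browser clients) get no CORS headers.
  const headers = origin ? corsHeaders(origin, preflightMethod) : {};
  if (headers === null) {              // browser caller from an origin not on the list
    res.writeHead(403);
    return res.end();
  }
  if (preflightMethod !== undefined) { // answer the preflight, do no work
    res.writeHead(204, headers);
    return res.end();
  }
  res.writeHead(200, Object.assign({ 'Content-Type': 'application/json' }, headers));
  res.end(JSON.stringify({ ok: true }));
}

// Call start(8080) to serve the handler; not invoked automatically.
function start(port) {
  return require('http').createServer(handle).listen(port);
}
```

Echoing the request's Origin back without the allow-list check, or sending `*`, would let any site read the API's responses from a visitor's browser.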

loading JSON data from an API from javascript

I need to consume a web API, which is located here
http://46.253.202.174:8080/ws-api/v1/rest/zdata/codesByJurAndUsage?jur=Boston,%20MA&usg=barber
I don't have any details of how it is implemented or access to the code of the API; I'm just trying to consume the API. I can see the JSON return data if I type the URL in the browser, but when I'm trying to call the API using $.getJSON, it gave me an access denied error. I understand that it's a cross-domain issue. I also tried a few other things, like the jsonp data type, with no success. My question is, if I am able to see the results in a browser, shouldn't I be able to get the results from the scripts, or is that not necessarily true?
Secondly, is there any other way, if the things I have tried so far were not successful?
Thanks
You are correct, you won't be able to load this data via $.getJSON due to the Same Origin Policy restrictions. You'll need to load it via JSONP, or, if the service doesn't support JSONP (which it looks like it doesn't), via a proxy. A couple of options:
You can set up a proxy on your own server via PHP or another server-side language. This will allow you to request the data from your own server, getting around the same-origin restriction. You might look at a project like Simple PHP Proxy for this purpose.
You can use YQL as a proxy - this sends the data through Yahoo!'s servers and then you can load it via JSONP. Applying this technique with jQuery is discussed in this article.

POST data to JavaScript include

You know the standard JavaScript include in HTML?
<script src="http://example.com/script.js"></script>
How can I post data to that src? Using AJAX or jQuery is probably not an option, unless you can get it to work cross-domain.
You can't post data and retrieve the content cross domain. It's a security issue.
You probably already realize this, but you can do GET requests by appending it to the url:
<script src="http://example.com/script.js?key=value&key2=value"></script>
You could also use a proxy to retrieve cross domain requests from a site. This project looks promising: https://github.com/jamespadolsey/jQuery-Plugins/tree/master/cross-domain-ajax/
But it appears to also only support GET requests through Yahoo's server.
The only viable option is to create a PHP (or other server language) proxy that you could filter through. It wouldn't be too difficult using PHP's cURL API. There are equivalents in other server scripting languages.
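The server-side proxy recommended in this answer and in the earlier ones ("set up a proxy on your own server"), as an added example that is not from any of the posts: a Node-style handler that forwards GET requests only to a fixed list of upstream hosts, so the endpoint cannot be used to reach arbitrary or internal addresses. The host name, the `url` query parameter and the names UPSTREAMS, allowedTarget and proxy are assumptions; it relies on the global fetch in Node 18+.

```javascript
// Added example: same-origin proxy endpoint with a fixed upstream allow-list.
// UPSTREAMS, allowedTarget and proxy are illustrative names.
const UPSTREAMS = new Set(['api.example.com']); // constructed host name

// Returns a URL object when the target is https on an allow-listed host, else null.
function allowedTarget(raw) {
  let url;
  try { url = new URL(raw); } catch (e) { return null; }
  if (url.protocol !== 'https:') return null;     // no http:, file:, etc.
  if (url.username || url.password) return null;  // rejects https://allowed@other-host/
  if (url.port) return null;                      // default port only
  if (!UPSTREAMS.has(url.hostname)) return null;  // exact host match, not a suffix test
  return url;
}

// Node-style handler for GET /proxy?url=<encoded target>
async function proxy(req, res) {
  const raw = new URL(req.url, 'http://localhost').searchParams.get('url') || '';
  const target = allowedTarget(raw);
  if (!target) {
    res.writeHead(400);
    return res.end('target not allowed');
  }
  try {
    const upstream = await fetch(target, {
      redirect: 'error',                  // a redirect could leave the allow-list
      signal: AbortSignal.timeout(5000),  // do not hang on a slow upstream
    });
    const body = await upstream.text();
    // Serve the body as data, never as HTML or script in our own origin.
    res.writeHead(upstream.status, {
      'Content-Type': 'application/json',
      'X-Content-Type-Options': 'nosniff',
    });
    res.end(body);
  } catch (e) {
    res.writeHead(502);
    res.end('upstream error');
  }
}
```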

Javascript/JQuery ajax help needed

I'm a little confused here, maybe someone can help.
1) Javascript ajax request question: Can I use XMLHttpRequest to directly make a request to any other website - not the originating server?
2) JQuery ajax request question: Can I use $.ajax to directly make a request to any other website - not the originating server?
Browsing the web, I've found some stuff about how this might be forbidden due to XSS (cross-site scripting), and that the work-around is to use a server scripting language and a webservice...but whatever, that's not any concern to me.
If anyone can answer, please help!
I believe there is a confusion of terms here. This has nothing to do with XSS. The reason why you cannot get information with javascript across different domains (even http vs. https on the same domain) is due to the Same Origin Policy, which exists to prevent confusion of a session on a trusted site with an untrusted one without the user's direct intervention (e.g. by choosing to visit the different domain). XSS is a totally different concept that has to do with the infusion of scripts into a page with malicious intent for the user.
As for accessing across domains all hope is not lost. XMLHttpRequest vs. .ajax() doesn't matter, but jsonp allows for an exchange of information across domains. Since HTML5, postMessage() has also been introduced which allows communication across domains as well (and to scripts no less!)
This question discusses the same problem. You have to fetch the contents of the other site on the server side.
You cannot make cross-site ajax requests. When you use jquery $.ajax to get data from a different domain, behind the scenes jquery takes the url and appends an include in the header of the document.
You're correct this is forbidden for security reasons.
jQuery's .ajax() is a simple way to use JavaScript's XMLHttpRequest in one function. In the end, it's just XMLHttpRequest.
Cross Site Scripting (XSS) prevents all cross-domain requests, but yes, you can use a serverside solution to overcome it.
But then there's JSONP, which does let JavaScript do cross-site requests, but only for a limited dataset.
Yes, it's possible with JSONP. Use it like this:
$.ajax({
    url: 'remote_url',
    type: 'post',
    dataType: 'jsonp', // This does the trick
    success: function (remoteData) {
        // Use remoteData here. Note it's already json parsed, so it's a javascript object
    }
});
Hope this helps
Lastly, you CAN make cross domain ajax if the server you are calling has implemented CORS and allows your domain to call it.
1) Javascript ajax request question: Can I use XMLHttpRequest to directly make a request to any other website - not the originating server?
No, the server at the domain you're trying to connect to must accept cross-domain AJAX; otherwise, the only way to access this data is by using a page at your server that will proxy the requested data to your visitors.
2) JQuery ajax request question: Can I use $.ajax to directly make a request to any other website - not the originating server?
jQuery AJAX technology is actually a wrapper around the native XMLHttpRequest, so if the normal XMLHttpRequest works, the same should be true for jQuery.

Avoid x-domain solutions

I'm currently working on a web application that customers can add to their webpages by adding a javascript link to a js file on my server. The application reads all the javascript files from my server, but I still get an error when trying to use ajax to get data from my database. I didn't think that would be a problem because the files are on my server.
Can I fix this or do I have to make a cross-browser solution? I don't have any control over the customers' server.
Thanks in advance
Mikael
This is not possible: When you execute a remote script, it runs in the context of the containing document.
There are some popular workarounds for this:
Using an iframe, which fixes the cross-domain problem but doesn't integrate well with the remote site (e.g. no custom styling)
Using JSONP to make cross-domain Ajax requests (detailed explanation here)
Using a server-side proxy script (not an option in this scenario)
Using YQL (I'm not familiar with this but it's said to work)
The same origin policy is based on the host document not the script itself.
You need to use a cross domain ajax technique.
