Access denied problem in AJAX - javascript

I want to parse a web page into my page, so i prefer AJAX in my code.
While using the AJAX it showing "Access denied" - before fetching the specified page. The page doesn't consider any login information.
Even though i cant able to get the page of google too..
Please guide me to how to use the AJAX so for
Thanks,
Praveen

You can send XMLHttpRequests only to your domain.
if your site is example.com you can send XMLHttpRequests only to example.com.
Firefox 3 supports cross-domain requests but you need to send Access-Control first.
The solution is to send a request to your domain and fetch cross-domain content via some server language (Java, PHP, Python, etc.)

You can also use a hack to retrieve data through a CSS include http://nb.io/hacks/csshttprequest

Related

Retrieving cookies with javascript XMLHTTPReq

Just wondering if it's possible to use an XMLHTTPReq to login to a website, and store the cookie. Specifically I'm after the PHPSessionID from the website I am logging into.
I then want to pass this cookie into another request to submit a form.
Any ideas of how to do this?
Cheers,
Nick
You will be able to get your own site's cookies from document.cookie. In the AJAX callback, use a library to parse the value and read the cookie you're looking for.
Of course, if the server sets the cookie HttpOnly (which it should be doing), it won't be available in document.cookie.
At this pont, you need to reevaluate what you're doing:
If the form points to your website, your server script would have access to the cookie anyway.
If you're sending the user's session ID to another domain, why? This is a huge red flag that screams security problem.
If you're logging in to another site, then no – the same-origin policy prevents you from accessing another site's cookies.
Edit: Since this is for your own use, you can do this in a way you're not limited by the browser's origin restrictions. Some thoughts:
You could make a Chrome extension. Extensions aren't subject to origin restrictions, and the development model and API is pretty much the same as what you'd do on a regular web page.
You could use Node, which has no restrictions. You'd be able to invoke your script from the command line, but the API is going to be slightly different that what you'd use in a web page.
Use your language and framework of choice to POST to the login page, get the Set-Cookie header in the response, and use it to send a Cookie header in another POST to the form target.
You can only send cross-origin requests using XHR if both the browser and server support CORS. Additionally, the third party site needs to allow your site to send such requests and to receive its responses. If it doesn’t, you aren’t allowed to send the request or receive its response respectively.

How do I get Ajax working with a Bookmarklet and bypass the Javascript Same Origin Policy?

I am trying to write a Bookmarklet and the goal is to be able to submit information from any site X (the origin page they are on when clicking the bookmarklet) to my site's servers while staying on site X.
Ideally, I would be able to send a response back and have it pop up somewhere but this is not necessary.
I keep running into the issue of the same origin policy -- that from site X, XMLHttpRequests can only be initiated with site X's domain.
Does anyone know of a way around this (or a tutorial they can point me to)? some Ajax with a Bookmarklet?
Thanks so much!
You can perform cross domain ajax request (send using GET and receive the data as JSON) using JSONP.
The bookmarklet that you load can POST data to your server from the host page. This is strange, but only Javascript is restricted by the Same Origin Policy.
Making GET or POST calls to another server work fine.
The bookmarklet can inject a hidden IFRAME in the host page , with a src attribute like http://yourdomain.com/listen.
Then build a FORM with the attribute:target pointing to that IFRAME.
And finally submit the form to POST the data.
The sad news, is SOP won't let you read the response of the POST directly, as it happens in the IFRAME and has another domain than the host page.
But if you need a feedback of the request, your bookmarklet can use setInterval to poll every X milliseconds and ask the status of the request, using JSONP.
Calling something like:
http://yourdomain.com/get-post-status?id=2234234&callback=showResult

How to make cross domain request using ajax or javascript?

I have some Pre built script that makes some ajax request to one website. And it's working fine. But I am not able to make request to there some domains.
My working Process:-
1) I have pre built script on http://www.Test.com/a.js now i am calling this js in this domain http://www.test1.com by pasting the code to URL and it's working fine.
2) Now When I want to call one page from This http://hello.test1.com/as.php but it's showing some errors. How could i make request to subdomain page from main domain page.
Please let me know how can i do this.
Thanks in advance.
Your various options for cross-domain requests are:
The new Cross-Origin Resource Sharing (CORS) standard, if the browsers your users use support it and the server has support for it. Note that a lot of general web users still have browsers that don't support it.
JSON-P ("JSON with padding"), which is basically a dynamically-added script element
Using YQL (Yahoo Query Language) as a cross-domain proxy
There are several work arounds for cross domain scripting restrictions. easyXDM seems to do what you want.
You can use php curl to do the cross domain request using ajax. An ajax request will call php curl page which in turn will call cross domain with url specified in php curl page and return back the response .
I have implemented same and it works fine. Hope this helps Thanks.

javascript / ajax question

I'm wondering if anyone knows a javascript library where I could remotely login to a site, then browse pages upon logging in.
This is very easy with php's curl but I'm wondering if there is a javascript equivalent where I can execute multiple remote url's under a single http session.
Basically what I'm looking to do is post a username/password to one of my sites and then immediately post some other commands to a different url (same remote domain) using the authenticated session.
I haven't come across anything like this yet so I'm wondering if anyone can point me in the direction (if it's even possible). Can definitely be HTML5.
Due to same origin policy restrictions in browsers this is not possible using javascript. You need a server side script that will act as a bridge between your site and the remote sites. Then talk to this local script using AJAX.
There are some techniques available to bypass the same origin policy:
If you don't need to read the response of your POST calls, you can create a FORM by javascript with an action to any url (not limited to the same origin policy) like in this question: How do I send a cross-domain POST request via JavaScript?
But this means you rely only on session cookies for the security, this is open for XSS attacks.
As you own the other domain site, you could develop a small service that returns a JSON with the data you need, and use the JSONP technique, eg:
<script src="http://otherdomain/curl?url=page.html&callback=cb">
</script>
May be you could signin before using the POST technique above and sending a secret token that you reuse in the url to improve the security.
And finally there is a way to act/read on other pages using a bookmarklet.The idea is to inject in the other domain's page a script that can run with all the privileges, and send back information to your domain.
But this requires a manual action (click a link or a browser bookmark)

How can i get around the same origin policy?

I need to use AJAX to get the content of another page located on a different server from the one the AJAX is loaded from. The AJAX needs to send a POST request then return the result. how can i do this?
Set up proxy on your own server. Have your server call theirs and return the result.
if you control both servers, you can use one of the HTTP header fields for cross-origin resource sharing:
http://www.petefreitag.com/item/703.cfm
https://developer.mozilla.org/En/HTTP_access_control
There is no way to go around that policy. This policy is there for very good reasons.
That is also no problem as long as you're in control over the web application. You could simply redirect the call to the other server from your webserver and pass the result. This would work out like a proxy.
If you want to do that on the client and cross browser, you need some cooperation from the other server.
Either by:
1) using JSONP (inject a script tag with a callback function)
Only GET calls are possible though.
Security is an issue as the script has access to all resources in that page(data, cookies, ...).Here's a post that explain how to sandbox them and keep the data in your page safe.
2) POST looks possible using Kris Zip's window.name technique
If the cooperation from the other server is impossible, the server proxy as described in other answers is, to my knowledge, the only option left.

Categories