JavaScript - Read Before Asking About Cross Domain Ajax
Hi All,
I'm writing this post as there are alot of questions about Cross Domain AJAX request so i'm going to give an overview of the different ways and the best practices Ok so there are 2 systems for this the key difference is how much control you have. If you control the Requested site you can use Javascript Safe calling to that server, this is all done via a few Headers so to do this all you have to do is send some headers from the page your requesting. The first is tell the browser that the site the AJAX call is coming from is allowed this is done with "Access-Control-Allow-Origin: " Now this can be set to a wild card and allow all sites to access the page "Access-Control-Allow-Origin: *" Or you can say only a set server can "Access-Control-Allow-Origin: mydomain.com" This header allows GET requests but what if you need to post data to the site well you need to tell the browser that POST data is allowed to be sent Access-Control-Allow-Headers: GET,POST Now we run into the problem that sending post data the browser will send the header Content-Type but your server has not told the browser its allowed to send that header so Access-Control-Allow-Methods: Content-Type Will allow the header to be sent if you wish to send any other custom headers you have to make your server tell the browser its allowed to send them this is done by adding them as a comma delimited list via the "Access-Control-Allow-Headers" header Now if you dont have control well then your back to using a script that is local to the AJAX script then sending the data via cURL or another connection method to the remote server Please note i will be uploading examples in php later. Example Scripts Remote Server PHP Code: header("Access-Control-Allow-Origin: *"); header("Access-Control-Allow-Headers: GET,POST"); header("Access-Control-Allow-Methods: Content-Type"); $output = array( 'response' => 'hello world!', '_GET' => $_GET, '_POST' => $_POST, ); echo json_encode($output); Client Script -- please note built for Google Chrome PHP Code: var getExample = new XMLHttpRequest(); getExample.open("GET", "http://www.test.com/remote.php?test=set", true); getExample.onreadystatechange = function(requestHandle){ console.debug(requestHandle); } getExample.send(null); var postExample = new XMLHttpRequest(); postExample.open("POST", "http://www.test.com/remote.php?test=set", true); postExample.onreadystatechange = function(requestHandle){ console.debug(requestHandle); } postExample.setRequestHeader("Content-Type", "x-www-urlencoded-data");// this is sent to prevent the requested server not saving post data postExample.send("?set=test"); If you are unable to Edit files on the remote server you can use the link provided by Kor http://www.troywolf.com/articles/ This will give you all the information you require to use php to talk to the remote server (basic proxy in effect) Similar TutorialsHi, I have searched and searched... Is there a way of using the Ajax httpRequest cross domain? thanks Hello, I am trying to create an imageuploader for my forum hosted on domain forum.com (fictional domain name) The image uploader is hosted on domain uploader.com (fictional domain name) When the uploader is done i want info to be passed from the uploader to the texteditor on the forum using javascript. I tried everything i could think of with document.getElementById but to no avail. The element on the forum is clickableEditor.textarea Is it possible and if so, can someone please help me out? hi, in my page he http://www.mypubspace.com/dashtest/order.html I would like this working Cross Domain and output in JSON? Can anyone please help me? thanks code: Code: <html> <body> <script language="javascript" type="text/javascript"> <!-- //Browser Support Code function ajaxFunction(){ var townRequest; // The variable that makes Ajax possible! try{ // Opera 8.0+, Firefox, Safari townRequest = new XMLHttpRequest(); } catch (e){ // Internet Explorer Browsers try{ townRequest = new ActiveXObject("Msxml2.XMLHTTP"); } catch (e) { try{ townRequest = new ActiveXObject("Microsoft.XMLHTTP"); } catch (e){ // Something went wrong alert("Your browser broke!"); return false; } } } // Create a function that will receive data sent from the server townRequest.onreadystatechange = function(){ if(townRequest.readyState == 4){ var ajaxDisplay = document.getElementById('ajaxDiv'); ajaxDisplay.innerHTML = townRequest.responseText; } } var name = document.getElementById('name').value; var county = document.getElementById('county').value; var town = document.getElementById('town').value; var queryString = "?name=" + name + "&county=" + county + "&town=" + town; //Add the following line townRequest.open("GET", "http://www.mypubspace.com/dashtest/townpubs.php" + queryString, true); townRequest.send(null); } function countyFunction(){ var countyRequest; // The variable that makes Ajax possible! try{ // Opera 8.0+, Firefox, Safari countyRequest = new XMLHttpRequest(); } catch (e){ // Internet Explorer Browsers try{ countyRequest = new ActiveXObject("Msxml2.XMLHTTP"); } catch (e) { try{ countyRequest = new ActiveXObject("Microsoft.XMLHTTP"); } catch (e){ // Something went wrong alert("Your browser broke!"); return false; } } } // Create a function that will receive data sent from the server countyRequest.onreadystatechange = function(){ if(countyRequest.readyState == 4){ var ajaxDisplay = document.getElementById('ajaxDiv'); ajaxDisplay.innerHTML = countyRequest.responseText; } } var name = document.getElementById('name').value; var county = document.getElementById('county').value; var town = document.getElementById('town').value; var queryString = "?name=" + name + "&county=" + county + "&town=" + town; //Add the following line countyRequest.open("GET", "http://www.mypubspace.com/dashtest/countypubs.php" + queryString, true); countyRequest.send(null); } function townlistFunction(){ var ajaxRequest; // The variable that makes Ajax possible! try{ // Opera 8.0+, Firefox, Safari ajaxRequest = new XMLHttpRequest(); } catch (e){ // Internet Explorer Browsers try{ ajaxRequest = new ActiveXObject("Msxml2.XMLHTTP"); } catch (e) { try{ ajaxRequest = new ActiveXObject("Microsoft.XMLHTTP"); } catch (e){ // Something went wrong alert("Your browser broke!"); return false; } } } // Create a function that will receive data sent from the server ajaxRequest.onreadystatechange = function(){ if(ajaxRequest.readyState == 4){ var ajaxDisplay = document.getElementById('ajaxTownlist'); var county = document.getElementById('county').value; var town = document.getElementById('town').value; ajaxDisplay.innerHTML = ajaxRequest.responseText; } } ajaxRequest.open("GET", "http://www.mypubspace.com/dashtest/town-select.php", true); ajaxRequest.send(null); } function countylistFunction(){ var ajaxRequest; // The variable that makes Ajax possible! try{ // Opera 8.0+, Firefox, Safari ajaxRequest = new XMLHttpRequest(); } catch (e){ // Internet Explorer Browsers try{ ajaxRequest = new ActiveXObject("Msxml2.XMLHTTP"); } catch (e) { try{ ajaxRequest = new ActiveXObject("Microsoft.XMLHTTP"); } catch (e){ // Something went wrong alert("Your browser broke!"); return false; } } } // Create a function that will receive data sent from the server ajaxRequest.onreadystatechange = function(){ if(ajaxRequest.readyState == 4){ var ajaxDisplay = document.getElementById('ajaxCountylist'); ajaxDisplay.innerHTML = ajaxRequest.responseText; } } ajaxRequest.open("GET", "http://www.mypubspace.com/dashtest/county-select.php", true); ajaxRequest.send(null); } function MM_jumpMenu(targ,selObj,restore){ //v3.0 eval(targ+".location='"+selObj.options[selObj.selectedIndex].value+"'"); if (restore) selObj.selectedIndex=0; } //--> </script> <a href="#" onClick="townlistFunction();">show towns list</a> <a href="#" onClick="countylistFunction();">show counties list</a> <form name='myForm'> <div id="ajaxTownlist"></div> <div id="ajaxCountylist"></div> <input type='hidden' id='name' /> <input type='hidden' id='county' /> <input type='hidden' id='town' /> </form> <div id='ajaxDiv'></div> </body> </html> Hi guys. I want to create login form similar like facebook login which web owner can put the script and it will become login for their web and also it will auto register at their web. I believe it need to use javascript because javascript is cross platform. Can someone give me a clue for me to start on? JavaScript code is not traversing via Iframe with Cross Domain. Actually i was assigned with a project, to grab the top page URL, which has many Iframes, which are coming from different domains. The final sub domain has the JavaScript code, which has to grab the top page URL. Can anyone help me out in this???? hi, my working project (needs a proxy): http://www.mypubspace.com/dashtest/order.html currently working through this tutorial, I have setup a proxy and saved it as proxy.php http://www.wait-till-i.com/2010/01/1...query-and-yql/ I just need to put this piece of code in my JavaScript but not sure where?! Code: var url = $(this).attr('href'); if(url.match('^http')){ url = 'proxy.php?url=' + url; } here is my project code Code: <html> <body> <script language="javascript" type="text/javascript"> <!-- //Browser Support Code function ajaxFunction(){ var townRequest; // The variable that makes Ajax possible! try{ // Opera 8.0+, Firefox, Safari townRequest = new XMLHttpRequest(); } catch (e){ // Internet Explorer Browsers try{ townRequest = new ActiveXObject("Msxml2.XMLHTTP"); } catch (e) { try{ townRequest = new ActiveXObject("Microsoft.XMLHTTP"); } catch (e){ // Something went wrong alert("Your browser broke!"); return false; } } } // Create a function that will receive data sent from the server townRequest.onreadystatechange = function(){ if(townRequest.readyState == 4){ var ajaxDisplay = document.getElementById('ajaxDiv'); ajaxDisplay.innerHTML = townRequest.responseText; } } var name = document.getElementById('name').value; var county = document.getElementById('county').value; var town = document.getElementById('town').value; var queryString = "?name=" + name + "&county=" + county + "&town=" + town; //Add the following line townRequest.open("GET", "http://www.mypubspace.com/dashtest/townpubs.php" + queryString, true); townRequest.send(null); } function countyFunction(){ var countyRequest; // The variable that makes Ajax possible! try{ // Opera 8.0+, Firefox, Safari countyRequest = new XMLHttpRequest(); } catch (e){ // Internet Explorer Browsers try{ countyRequest = new ActiveXObject("Msxml2.XMLHTTP"); } catch (e) { try{ countyRequest = new ActiveXObject("Microsoft.XMLHTTP"); } catch (e){ // Something went wrong alert("Your browser broke!"); return false; } } } // Create a function that will receive data sent from the server countyRequest.onreadystatechange = function(){ if(countyRequest.readyState == 4){ var ajaxDisplay = document.getElementById('ajaxDiv'); ajaxDisplay.innerHTML = countyRequest.responseText; } } var name = document.getElementById('name').value; var county = document.getElementById('county').value; var town = document.getElementById('town').value; var queryString = "?name=" + name + "&county=" + county + "&town=" + town; //Add the following line countyRequest.open("GET", "http://www.mypubspace.com/dashtest/countypubs.php" + queryString, true); countyRequest.send(null); } function townlistFunction(){ var ajaxRequest; // The variable that makes Ajax possible! try{ // Opera 8.0+, Firefox, Safari ajaxRequest = new XMLHttpRequest(); } catch (e){ // Internet Explorer Browsers try{ ajaxRequest = new ActiveXObject("Msxml2.XMLHTTP"); } catch (e) { try{ ajaxRequest = new ActiveXObject("Microsoft.XMLHTTP"); } catch (e){ // Something went wrong alert("Your browser broke!"); return false; } } } // Create a function that will receive data sent from the server ajaxRequest.onreadystatechange = function(){ if(ajaxRequest.readyState == 4){ var ajaxDisplay = document.getElementById('ajaxTownlist'); var county = document.getElementById('county').value; var town = document.getElementById('town').value; ajaxDisplay.innerHTML = ajaxRequest.responseText; } } ajaxRequest.open("GET", "http://www.mypubspace.com/dashtest/town-select.php", true); ajaxRequest.send(null); } function countylistFunction(){ var ajaxRequest; // The variable that makes Ajax possible! try{ // Opera 8.0+, Firefox, Safari ajaxRequest = new XMLHttpRequest(); } catch (e){ // Internet Explorer Browsers try{ ajaxRequest = new ActiveXObject("Msxml2.XMLHTTP"); } catch (e) { try{ ajaxRequest = new ActiveXObject("Microsoft.XMLHTTP"); } catch (e){ // Something went wrong alert("Your browser broke!"); return false; } } } // Create a function that will receive data sent from the server ajaxRequest.onreadystatechange = function(){ if(ajaxRequest.readyState == 4){ var ajaxDisplay = document.getElementById('ajaxCountylist'); ajaxDisplay.innerHTML = ajaxRequest.responseText; } } ajaxRequest.open("GET", "http://www.mypubspace.com/dashtest/county-select.php", true); ajaxRequest.send(null); } function MM_jumpMenu(targ,selObj,restore){ //v3.0 eval(targ+".location='"+selObj.options[selObj.selectedIndex].value+"'"); if (restore) selObj.selectedIndex=0; } //--> </script> <a href="#" onClick="townlistFunction();">show towns list</a> <a href="#" onClick="countylistFunction();">show counties list</a> <form name='myForm'> <div id="ajaxTownlist"></div> <div id="ajaxCountylist"></div> <input type='hidden' id='name' /> <input type='hidden' id='county' /> <input type='hidden' id='town' /> </form> <div id='ajaxDiv'></div> </body> </html> please help?! Hi, I'm currently developing an application (in php) for a website that is to be integrated into their website using iframe. It's imperative that it's done using iframe as I am placing the application on my own server. In short, the iframe element appears on my customer's website (lets say customer.com) - something like this: <iframe width="440" height="500" frameborder="0" scrolling="no" src="http://www.myserver.com/index.php"></iframe> However, it's quite imperative that my application (i.e. what's located at myserver.com/index.php) only can be shown in iframe elements placed at customer.com. That is: I want to make sure that a similar iframe element from another web server (lets say anothercompany.com) has the possibility to iframe my application located at myserver.com. My first idea was to check this using php in my application: by looking at HTTP_REFERER, I can get the location of the page containing the iframe element. That solution seems to work fine. However, as is well known, it is possible to spoof and even hide the http_referer server variable. Still, as I only want to make sure that no other server accesses the application through an iframe object, it should perhaps be an okay solution - if someone wants to access the application from their own browser, and spoofing the HTTP_REFERER variable, I'm fine with that. (I just want to make sure that only customer.com, and not anothercompany.com, can integrate the application with an iframe). The other thought I had was to use javascript and DOM stuff. The idea is then to use javascript to check that the application has a parent frame and that its location is at customer.com. However, as we are dealing with two different domains here, I'm having a lot of problems getting the document.parent.location variable - it's not allowed! Any solutions on how to do this in javascript? Any way to bypass the obstacle above? Or perhaps javascript isn't the best way? My guess is that there is a solution out there somewhere - I guess there are a lot of ads that are integrated into various websites using iframe, and where the actual content (i.e. what's inside the iframe element) can check which server is embedding the ad through an iframe element. Anyone know if there is a way to get the title string from an iframe src coming from another domain?
I read the "http://bodybrowser.googlelabs.com/body.html" page into an Iframe on my page. I now need to print the "viewcontainer" DIV that resides in the iframe. Accessing divs in an iframe is an issue with cross domain sources. Can anyone help me with a workaround or different idea? Thanks in advance!! I've been working on a site where the content is displayed in an iframe. The iframe content is on a different domain than the iframe itself. I've already got around the cross-domain problems by creating a file on the parent domain that the iframe content references via another iframe. (which uses parent.parent to skip the permissions issue) That was all fine and pressing back and forward in the browser navigated back and forward in the iframe (at least in FF, not 100% sure about other browsers) Then the client wasn't happy that the url in the browser didn't change and pages couldn't be bookmarked. So I created a solution where the parent.parent.location.href was changed to be domain.com/#/path/to/iframecontent.php so that pages could be bookmarked, that works fine but now back and forward don't work, or more specifically the url changes correctly but the iframe content doesn't go back. I'm wondering if anyone out there has a jquery solution to using an iframe that automatically adjusts it's height of the child and also works cross domain. Any help would be greatly appreciated. I'm facing an issue with fetching the page URL from an IFRAME with cross domain. Is there any approach/ any ways to achieve this? Hi, I have an ajax script that I would like to use to retrieve a password hint from a database. Both the ajax script and the php retrieval script are stored on the same domain (we'll call it domain1.com), but the ajax script runs on another domain (domain2.com). All the scripts are working fine, individually, but when I try to integrate them, I'm getting a ready state of 4, but an HTTP status of 0. I've traced the code flow and the retrieval script is being called by the ajax script OK and it's echoing all the right stuff, but it's just not getting back to calling ajax routine. I've read that an ajax routine can only call a script that resides on the same domain that it runs on. Is this correct and, if so, does anyone know of a work around, because I really need to be able to store the ajax script on domain1 and run it on domain2? If not, then can anyone suggest why I'm getting an HTTP status of 0, when all the individual components are working fine? Debbie Hello all, I am building a service that other developers will use. As part of this, they need to embed a form on their website. This form will be hosted on my server, be updated periodically, etc. We'd been trying to create a Javascript file that would use JQuery to load the form, but we're running into issues from the Same Origin Policy, where Ajax requests cannot be made across different domains. Does anyone have an idea of how to fix this? We thought about using an iframe, but that solution will not suffice. Thanks! Hi there everybody, I've got this problem which I can't solve myself... I've got a website which has 3 colums and is hosted on domain1.com. in the right column I've got an Iframe which loads content from domain2.com . this content are some textboxes and a datepicker tool. if I press the 'search'-button in this Iframe I would like to refresh the mainpage (from domain1.com) so that another Iframe appears in the middle column. in this column i would like to load a new form from domain2.com which contains the values that I've put in in the form from the right Iframe. Unfortunally I can't get this to work... Will somebody please help me? Hi, I am hoping I just need to be pointed in the right direction with this. I have Page1. When Page1 body onloads it uses Ajax to call PartA Within PartA I have a message board so members can write messages which will be sent to my database in PartA[1] and immediately posted for view on to PartA[2]. As I want to have my request to the server updating regularly I want to have PartA[2] on a timed loop to refresh - I do not need the content of PartA[1] to refresh. So the order of events would look like this: Page1 | onload call | v PartA / \ V V PartA[1] PartA[2] (loads once) (constantly refreshes) What I am not sure about is that I have <body> and <head> attributes in Page1 only. I have already used my body onload to call PartA (and can't use it to call PartA[2] before PartA has loaded anyway). I do not want the user to have to click a button or do anything to call up PartA[2]. So my question is how would I get PartA[2] to automatically load within PartA? I hope I have made this clear, but if I haven't let me know and I will try again. if I set a cookie for domain=.domain.com how do I read the cookie for domain=.domain.com, cause the javascript won't no that the cookie even exist? Been running a lot of test on this today, and can't find the right solution. Hi All I have a list of links on my website with anchors coded the following way: <ul class="fav"><a href="/cgi-bin/send.pl?ID=XX" onMouseOver="window.status='http://www.domain.com'; return true;" onMouseOut="func_clear(); return true;" onClick="stat(294);" target="_blank">Linked domain name</a></ul> Then I have found on http://www.askthecssguy.com/2006/12/..._favicons.html a javascript to display a favicon image before each one of my links in the list; this script is working fine when getting the domain name from href value. But in my case the suitable domain name to load each favicon is present in window.status value. I have played a bit with the above scripts and finally I'm trying to use the following function: Code: function faviconizeFavicon() { if (!document.getElementsByTagName) return false; if (!document.createElement) return false; var ul = document.getElementsByTagName("ul"); for (var i=0; i<ul.length; i++) { if (ul[i].className == "fav") { var links = ul[i].getElementsByTagName("a"); for (var j=0; j<links.length; j++) { var hrefvalue = links[j].parentNode.innerHTML; var domain = 'default_favicon.gif'; domain = hrefvalue.match(/(\w+):\/\/([^/:]+)(:\d*)?([^# ]*)\'/g); try{ var cue1 = document.createElement("img"); cue1.className = "favicon"; cue1.src = 'default_favicon.gif'; cue1.id = 'img' +i+ j; links[j].parentNode.insertBefore(cue1,links[j]); var cue = document.createElement("img"); cue.className = "favicon"; var cuesrc = "http://"+ domain + "/favicon.ico"; cuesrc = cuesrc.replace("http://http://","http://"); cuesrc = cuesrc.replace("'/favicon.ico","/favicon.ico"); cue.setAttribute("imgid",'img' +i+ j); cue.setAttribute("src",cuesrc); cue.onload = function () { document.getElementById(this.getAttribute("imgid")).src = this.src; } cue.setAttribute("src",cuesrc); } catch ( ex ) { } } } } } This javascript should display first the default locally available favicon gif before each link and then try to load original favicons from each domain and display them at the place of default favicon gif only if available. The above code works with any console errors but very randomly and not with all websites ?? Some favicons are loaded from distant websites and some of them never, independing of network quality or other factors! So I'm wondering why this code is not working for each link ? My question is: could you please have a look on my following Regex if this should work in every case with each domain name ? domain = hrefvalue.match(/(\w+):\/\/([^/:]+)(:\d*)?([^# ]*)\'/g); I put the apostrophe at the end because my url in window.status is always ended by a single closing. Also I'm asking if taking into account that ONLY my window.status value is placed between single apostrophes and ALL other values of my anchors are opened and closed with double apostrophes, maybe it would be easier to get my domain value searching for any value between two single apostrophes ?? My another question is: Is it possible that other javascripts present in my html code could interfere with this script and make it working randomly ? Thanks in advance for any clues Hi, I am confused how to make this javascript work as I want it to be. Right now the code forces pop unders in IE and FF and it's coded that way that the pop under will pop up once on the main domain per day per customer. My problem is that it also pops up on every subdomain and it doesn't recognize the subdomains and so pops up everytime I browse through my subdomains. Yet I am new and I tried searching the form for an answer. I added the /path function, but that didn't work, Mostlikely because I added it at the wrong spot. I am not a real programmer myself, so excuse me if the answer is real simple. Thanks in advance. The script I am talking about: ========================= Code: <script type="text/javascript"> var puShown = false; function doOpen(url) { if ( puShown == true ) { return true; } win = window.open(url, 'wmPu', 'toolbar,status,resizable,scrollbars,menubar,location,height=600,width=800'); if ( win ) { win.blur(); puShown = true; } return win; } function setCookie(name, value, time) { var expires = new Date(); expires.setTime( expires.getTime() + time ); document.cookie = name + '=' + value + '; expires=' + expires.toGMTString(); } function getCookie(name) { var cookies = document.cookie.toString().split('; '); var cookie, c_name, c_value; for (var n=0; n<cookies.length; n++) { cookie = cookies[n].split('='); c_name = cookie[0]; c_value = cookie[1]; if ( c_name == name ) { return c_value; } } return null; } function initPu() { if ( document.attachEvent ) { document.attachEvent( 'onclick', checkTarget ); } else if ( document.addEventListener ) { document.addEventListener( 'click', checkTarget, false ); } } function checkTarget(e) { if ( !getCookie('popundr') ) { var e = e || window.event; var win = doOpen('http://www.examplesite.com'); setCookie('popundr', 1, 24*60*60*1000); } } initPu(); </script> Hi: I am having an issue that is quite strange. I have some javascript included into a page. It is working perfectly on one website. I duplicated the exact page to another domain and it wont work there at all. I have verfied that the html and javascript are exactly identical on both sites. Please help. Note: Both sites are defined in IIS on the same server. Also both sites directories are on the same server. Code: <link rel="stylesheet" href="http://jqueryui.com/themes/base/jquery.ui.all.css"> <script src="http://jqueryui.com/jquery-1.4.4.js"></script> <script src="http://jqueryui.com/ui/jquery.ui.core.js"></script> <script src="http://jqueryui.com/ui/jquery.ui.widget.js"></script> <script src="http://jqueryui.com/ui/jquery.ui.accordion.js"></script> <script> $(function () { $("#accordion").accordion(); }); </script> |