Cross-domain ajax

I’ve been doing a lot of reading up on how to access cross-domain data, and would like to see if anyone else has some perspective on this. Using the standard XMLHttpRequest object won’t work due to the security restrictions, and I’ve seen quite a few people using a JSON approach as described in this article:

[url]http://www.javaworld.com/javaworld/jw-11-2006/jw-1115-json.html?page=2[/url]

The only issue I see with this method is that the JSON data is retrieved using a GET request, but what if the URL being accessed to return the JSON data required specific headers or POST data? I’ll most likely end up writing a proxy PHP page to access the data, but I was wondering if anyone has done anything similar using only javascript (no proxy page).

14 Comments

@trandrus, Mar 23.2009 — use a proxy that returns data in json format. cross domain (or cross protocol) scripting is a bad idea.
@svidgen, Mar 23.2009 — I believe I have read somewhere that you can use a Java applet or Flash script to make requests for your JavaScript. I can't say that with 100% certainty though--I've never tried it.
@trandrus, Mar 23.2009 — this is a good summary:

http://snook.ca/archives/javascript/cross_domain_aj/

both json and flash approaches require modification of the remote server (which is usually not possible in service-oriented environments) leaving the proxy method. if you have access to both servers, you have choices...but i wouldn't use the flash method unless it's absolutely necessary, i.e. you have an all flash site. proxy is almost always the best approach.
@svidgen, Mar 23.2009 — What about using a Java applet? Is that possible? Or have I imagined that option?
@trandrus, Mar 23.2009 — Java applets are compiled so that seems possible too, though I've never seen it in practice. However, programmers often forget that they don't need to reinvent the wheel, or the browser's back button, or the xmlhttprequest object, or PHP/cURL.
@svidgen, Mar 24.2009 — Right. I'm just curious in terms of the cross-domain abilities without having to use a proxy server (just a proxy applet).
@chazzy, Mar 24.2009 — calling it a proxy server is a bit of an overstatement. in the simplest case, it could be a plain php script that takes an arg of where to GET/POST to, and the data to post, then does the HTTP transmission for you.
@svidgen, Mar 24.2009 — I don't know the full extent of mod_proxy's capabilities offhand, but you may not even need a script if you're going the proxy route:

[QUOTE]
You can use mod_rewrite to forward requests to the mod_proxy.

A sample rewrite rule ...
^/somepath(.*) http://otherhost/otherpath$1 [P]
[/QUOTE]
@Bengaltgrs (author), Mar 24.2009 — So my real goal here is to allow people access to the API for my web service through straight javascript. I was trying to think of a way to let people access the API without using a proxy of any kind, but the more I think about it, that's probably the best option.
@svidgen, Mar 24.2009 — Oh ... well, if [B]you're[/B] writing the service and API, you can just dynamically add SCRIPT tags to make your calls. Here's an example: http://thepointless.com/time_test_3325.html.

The example page dynamically adds a SCRIPT tag, sourced from svidgen.com. Here's the "AJAX":

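[code=html]
// Set to false to stop further requests.
var notStopped = true;

// Each call appends a new SCRIPT element; the browser fetches its src from
// the other domain and executes whatever JavaScript comes back.
function doTimetest() {
    if (notStopped) {
        var temp = document.createElement('script');
        temp.type = 'text/javascript';
        temp.src = 'http://svidgen.com/time_test_3325.php';
        document.body.appendChild(temp);
    }
}
[/code]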


If the cross-domain aspect is working, you'll see a timestamp when the page loads. If the timestamp fails to update every 5 seconds, it's probably due to browser caching (I believe Safari is guilty of this).

This method has never failed me, and I'm pretty sure it worked long before the term AJAX was coined. It's the only one I know to be cross-domain compatible without a proxy. I know the above example to work in FF 2 - 3.0.7 and IE 6 - 7.

I'll leave the script up for a few days unless my server(s) get hammered.
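With the SCRIPT-tag technique above, whatever the remote host returns runs with full access to the calling page, so the service side decides what gets executed. The following is an added example, not svidgen's code or part of the thread: a sketch of a service handler that builds such a response, assuming the common JSONP convention of a `callback` query parameter; the function names are hypothetical.

```javascript
// Added example (not from the thread): service side of the SCRIPT-tag technique.
// Assumption: the caller names its handler in a "callback" query parameter.
const CALLBACK_RE = /^[A-Za-z_$][A-Za-z0-9_$]{0,63}$/;

// JSON.stringify output is valid JSON, but inside a script response a few
// characters still need escaping so data can never be read as markup or
// terminate a string in older JavaScript parsers.
function toScriptSafeJson(value) {
  return JSON.stringify(value)
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

// Returns a plain { status, headers, body } object for any HTTP framework.
function jsonpResponse(query, data) {
  const callback = query.callback;
  // Only a bare identifier is accepted: no dots, brackets, calls or arrays
  // (repeated query parameters are often parsed into arrays).
  if (typeof callback !== 'string' || !CALLBACK_RE.test(callback)) {
    return {
      status: 400,
      headers: { 'Content-Type': 'text/plain; charset=utf-8' },
      body: 'invalid callback',
    };
  }
  return {
    status: 200,
    headers: {
      'Content-Type': 'application/javascript; charset=utf-8',
      'X-Content-Type-Options': 'nosniff',
      // Prevents the stale-response behaviour described in the post above.
      'Cache-Control': 'no-store',
    },
    body: `${callback}(${toScriptSafeJson(data)});`,
  };
}
```
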
@Bengaltgrs (author), Mar 25.2009 — Thanks for the code, but unfortunately for what I'm doing it won't work for the same reason the JSON article I originally posted won't work. My API requires authentication which I can't accept through the URL, for security reasons. I still may have a place for that code somewhere though..
@svidgen, Mar 25.2009 — [QUOTE]My API requires authentication which I can't accept through the URL, for security reasons.[/QUOTE]
You could authenticate via an iframe. I can supply a theoretically "fail-proof" method if necessary. Or, you could RSA encrypt the password (plus salt) in javascript.
@DigitalMafiaPro, Mar 25.2009 — The best way to accomplish this is to use your server as a proxy. Don't go cross domain on the Client, do it at the server and then pass the results back to the client.

Call your WebService, PHP, page, whatever, passing the necessary parameters. Then implement the call to the other domain, wrap up that response and return it to your client.

Depending on the form in which that data is returned from the other domain, you may need to do some other processing on the client, but it resolves the problem quite nicely!

Just a suggestion, but an effective one!
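A proxy that takes "where to GET/POST to" from the client, as described earlier in the thread and again in the post above, will relay requests to any host unless the destination is checked first. The following is an added example, not code from any poster: a validation step for such a proxy, where the host name, path prefix and header list are constructed placeholders.

```javascript
// Added example (not from the thread): request validation for a same-origin proxy.
// Host, path prefix and header names below are constructed placeholders.
const ALLOWED_UPSTREAMS = new Map([
  // host -> path prefix the proxy may reach on that host
  ['api.example.com', '/v1/'],
]);
const ALLOWED_METHODS = new Set(['GET', 'POST']);
const FORWARDABLE_HEADERS = new Set(['accept', 'content-type']);

function buildUpstreamRequest({ target, method = 'GET', headers = {}, body = null }) {
  let url;
  try {
    url = new URL(target); // also normalises "../" segments before the checks
  } catch {
    return { ok: false, reason: 'unparseable target' };
  }
  if (url.protocol !== 'https:') return { ok: false, reason: 'scheme not allowed' };
  if (url.username || url.password) return { ok: false, reason: 'userinfo not allowed' };
  if (url.port !== '') return { ok: false, reason: 'port not allowed' };

  const prefix = ALLOWED_UPSTREAMS.get(url.hostname);
  if (prefix === undefined) return { ok: false, reason: 'host not allowed' };
  if (!url.pathname.startsWith(prefix)) return { ok: false, reason: 'path not allowed' };

  const verb = String(method).toUpperCase();
  if (!ALLOWED_METHODS.has(verb)) return { ok: false, reason: 'method not allowed' };

  // Forward only named headers; the browser's cookies and any header value
  // containing a line break never reach the upstream request.
  const forwarded = {};
  for (const [name, value] of Object.entries(headers)) {
    const key = name.toLowerCase();
    if (FORWARDABLE_HEADERS.has(key) && !/[\r\n]/.test(String(value))) {
      forwarded[key] = String(value);
    }
  }
  return {
    ok: true,
    url: url.href,
    method: verb,
    headers: forwarded,
    body: verb === 'POST' ? body : null,
  };
}
```

Credentials for the upstream API would be attached by the proxy on the server after this step, so they never appear in the page or in a URL.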
@Kuriyama, Mar 25.2009 — If you are using Java or .NET, implement a web service