Geek Answers Handbook

Cross domain Ajax request with jQuery / PHP

Help if you can -

Situation:

http://foobar.com includes a remotely hosted javacript file ( http://boobar.com/stuff.js ).

The goal is simply to get a warning from a remotely hosted php script on foobar.com

I tried the following code in stuff.js file:

$.ajax({ type: "GET", url: "http://www.boobar.com/script.php?callback=?", dataType: 'jsonp', success: function(result) { alert(result); } });

Bad luck.

 $.getJSON("http://www.boobar.com/script.php?jsonp=?", function(data) { alert(data); } );

Also out of luck.

On the php side, I tried to do the following:

 return json_encode(array(0 => 'test')); echo json_encode(array(0 => 'test'));

In Firefox, I get a security error. I understand that he believes that I am violating the security model. However, according to the jquery documentation, I should be able to accomplish this.

+4
source share
6 answers

The error seems to be a Same Origin Policy security feature: for simplification, you can only make AJAX requests for material on the source server ( http://foobar.com ). One way is to make a simple facade on the source server, for example:

  <?php // this file resides at http://foobar.com/getstuff.php echo file_get_contents('http://www.boobar.com/script.php?callback=?' . $possibly_some_other_GET_parameters ); ?>

Then from foobar.com you can make an AJAX request for http://foobar.com/getstuff.php (which, in turn, makes an HTTP GET request from your web server to boobar.com and sends it back to the browser) .

In the browser, the request is sent to the source server and allowed (the browser does not know that the answer comes from somewhere else behind the scene).

Cautions:

  • The PHP configuration on foobar.com must have allow_url_fopen set to "1". Although this is the default, some servers are disabled.
  • The request for www.boobar.com is made from the foobar.com server , not from the browser. This means that no cookies or user authentication data are sent to www.boobar.com, no matter how you place the request URL (" $possibly_some_other_GET_parameters ").
+8
source

You can receive data from another server asynchronously using script and json tags:

 <script type="text/javascript" src="http://somesite.com/path/to/page/"></script>

You can use this to dynamically load remote javascript (by creating a new script element and setting the src attribute and then loading into the DOM), which could set the variable. However, you really need a trust remote site, because JS will be evaluated without any preconditions.

+4
source

There is a method called window.name transport or window.name method that uses a common browser error (not sure if it really is an error). You make a request through an iFrame, and the loaded page puts the necessary information into the "name" property of the JavaScript window object itself.

This method uses "blank.htm" because it first goes to the landing page and then returns to the blank.htm page to overcome the "same source" restriction.

Dojo have implemented this, and you can find a more detailed explanation here .

I also implemented an XMLHttpRequest object based on this method in the library I wrote, which can be found here .

You may not be able to use the library, as it will require 1 or 2 additional libraries, which can be found here .

If you need additional help in implementing it in your style, I will try to do my best.

+1
source

So, what I ended up doing, since it was just GET โ€” no data needed to be retrieved โ€” I used JQuery to create a hidden iframe with a URL, including the variables that I wanted to pass set as the source. Worked like a charm. To everyone who submitted feedback - Thank you!

0
source

How about this !! Using php proxy.

Cross-domain AJAX calls using PHP http://www.phpfour.com/blog/2008/03/cross-domain-ajax-using-php/

0
source

jQuery.ajax also has a 'crossDomain' setting.

http://api.jquery.com/jQuery.ajax/

  crossDomain (default: false for same-domain requests, true for cross-domain requests)
 Type: Boolean
 If you wish to force a crossDomain request (such as JSONP) on the same domain, set the value of crossDomain to true.  This allows, for example, server-side redirection to another domain.  (version added: 1.5)
0
source

More articles:


All Articles