Geek Answers Handbook

Cross-Domain Data Access in JavaScript

We have an ASP.Net application located on our network and working with a specific client. This client wants to be able to import data from his server into our application. Data is retrieved using an HTTP request and formatted in CSV format. The problem is that they do not want to open their server on our network and request that the import be performed on the client side (all clients from the same network as their server).

So what you need to do is:

  • They request an import page from our server.
  • The client script on the page issues a request to its server to receive data in CSV format
  • Data is sent back to our application.

This is not a problem when both servers are in the same domain: a simple hidden iframe or something similar will do the trick, but what I get is a cross-domain access error. They also refuse to change the data format to return data in JSON or XML format.

What I have tried and learned so far:

  • Hidden iframe - "access denied"
  • XMLHttpRequest - the behavior depends on the browser security settings: it can work, it can work when you click on a user with security warnings, or you can’t work at all
  • Dynamic script tags - would work if they could return data in JSON format
  • data binding to IE client - same "denied access" error

Is there anything else I can try before giving up and saying that this is not possible without exposing their server to our application, changing their data format or changing browser security settings? (By the way, the DNS trick is not an option).

+4
source share
5 answers

It may be too late for your client, but since you have control over both domains, you can try EasyXDM . This is a library that wraps cross-browser quirks and provides an easy-to-use API to communicate in a client script between different domains using the best available mechanism for this browser (for example, postMessage , if available, other mechanisms if not).

Caution: you need to have control over both domains in order to make it work (where "control" means that you can place static files on both of them). But you do not need server side code changes.

+2
source

JSONP may be the answer for you if they can transmit server data in JSON format. In addition, you will always encounter Same Origin Policy issues with cross-domain calls. Have you thought about making server-side calls to make HTTP requests on their server?

+3
source

Your client is the javascript served by your application, right?

Then your client can send requests to your application (cross-site scripting prevention), what do you see error?

Assuming yes, the solution is for your application to offer a proxy service. The browser code may request some data from your server. Your server can issue an HTTP request to any server that likes it (without a browser for the object). This way you implement a little service to get the cvs data and present it in your application.

You might even want to map CSV data to JSON if this is your client that uses it.

+1
source

Can you only host the JS file on your server? This should allow the script in this file to make ajax callbacks to their server.

0
source

You can try using flash. If you place this yourdomain.com/crossdomain.xml file in the root directory, you can make cross-domain requests from mysite.com.

<?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="www.mysite.com" to-ports="25" /> </cross-domain-policy>
0
source

More articles:


All Articles