Crossing sites without JSONP

Question

Crossing sites without JSONP

I have an application in which an interface is created using HTML, CSS and Javascript code. The backend will be created using the java core, Restlet.

Now the real problem is the interface and backend, and on servers with different levels of diff too. for example, frontend is enabled: http://clientLookup (for example only) And the backend is enabled, http://lcgrke:8080

Now, when I send the server or other calls from the external interface via an Ajax request or jQuery Ajax, then I get a problem with parallel scripts (SOP is the same origin policy). I don’t understand how to get around this.

JSONP may be one option, but it will only work for calls like GET, but in my application I will have GET / POST requests. Also, some server URLs will not be included in JSONP (don’t ask me why, just admit that they will not be editable), so JSONP seems to be not the best option.

Can someone explain to me how I will get around this problem?

+8

javascript gwt cross-site

vbjain Jul 25 '13 at 20:41

source share

5 answers

shadowfox · Answer 1 · 2013-09-19T14:35:57+0000

I had the same problem not so long ago. You can install PHP on your external server and make an AJAX call to a PHP script on that server. There are several HTTP libraries for PHP (cURL is the most popular) that you can then use to create an HTTP request to your server server. Basically, you can write a PHP script on your external server to act as an average person.

Manolo carrasco moñino · Answer 2 · 2013-07-26T08:57:28+0000

The modern way to handle requests to gateways uses CORS instead of JSONP , although you should know which browsers support CORS.

You can use CORS with almost modern browsers (IE10, FF, Chrome, Safari, Opera), but not with IE9 / 8.

In IE9 / 8, you can use another method called XDomainRequest , but you must implement it through JSNI.

The purpose of using CORS vs JSONP is that on the server side you just add a filter, and everything should work ready (RPC, RF, etc.).

To use CORS in gwt, you can read this page in gwtquery , where you have an example filter. This page also has useful information about jsonp and how to use gwtquery ajax, which simplifies the gwt RequestBuilder path.

Charlie affumigato · Answer 3 · 2013-08-06T14:57:08+0000

If you use PHP and have the php_culr library available, you can use cross origin on the server. Here you can see an example: http://davidwalsh.name/curl-post or you can use the file_get_contents function and serialize the published parameters or simply pass the necessary get parameters (if necessary).

Hope this helps.

Richard Kenny · Answer 4 · 2013-09-10T16:22:29+0000

Ben Alman has a simple proxy script that I used as a temporary workaround for this kind of situation.

Basically, it forwards GET and POST requests using curl.

http://benalman.com/projects/php-simple-proxy/

 $url = $_GET['url']; $ch = curl_init( $url ); curl_setopt($ch, CURLOPT_VERBOSE, true); if ( strtolower($_SERVER['REQUEST_METHOD']) == 'post' ) { curl_setopt( $ch, CURLOPT_POST, true ); //curl_setopt( $ch, CURLOPT_POSTFIELDS, $_POST ); $vin = $_POST["vin"]; $subscriberProgramXML = $_POST["subscriberProgramXML"]; $data = array("vin" => $vin, "subscriberProgramXML" => $subscriberProgramXML); $data_string = json_encode($data); $httpHeader = array('Content-Type: application/json', 'Content-Length: ' .strlen($data_string)); curl_setopt( $ch, CURLOPT_POSTFIELDS, $data_string); curl_setopt($ch, CURLOPT_HTTPHEADER, $httpHeader); } curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, true ); curl_setopt( $ch, CURLOPT_HEADER, true ); curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true ); curl_setopt( $ch, CURLOPT_USERAGENT, $_GET['user_agent'] ? $_GET['user_agent'] : $_SERVER['HTTP_USER_AGENT'] ); list( $header, $contents ) = preg_split( '/([\r\n][\r\n])\\1/', curl_exec( $ch ), 2 ); $status = curl_getinfo( $ch ); curl_close( $ch ); // Set the JSON data object contents, decoding it from JSON if possible. $decoded_json = json_decode( $contents ); $data['contents'] = $decoded_json ? $decoded_json : $contents; // Generate appropriate content-type header. $is_xhr = strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest'; header( 'Content-type: application/' . ( $is_xhr ? 'json' : 'x-javascript' ) ); // Get JSONP callback. $jsonp_callback = $enable_jsonp && isset($_GET['callback']) ? $_GET['callback'] : null; // Generate JSON/JSONP string $json = json_encode( $data ); print $jsonp_callback ? "$jsonp_callback($json)" : $json;

this code is copied from the source php, but this is only part of the code. This illustrates the solution.

Diego · Answer 5 · 2013-09-14T05:31:19+0000

As @Manolo said the way is to use CORS (here you can see more details: http://blogs.mulesoft.org/cross-domain-rest-calls-using-cors/ - DISCLAIMER: I wrote, articles, but in order not to make this answer self-promoting, you can search for CORS and you will find similar articles).

The only thing I can add to Manolo’s answer is that if you use jQuery, you don’t have to worry about XDomainRequest IE, because jQuery takes into account this browser compatibility information.

Also, since you are using Restlet, this article will be useful: http://kodemaniak.de/2010/07/cross-domain-ajax-with-restlet-and-jquery/

I have never worked with Restlet, but since it is based on Java, another easy way to add CORS is to create or use a filter, here is one implementation of the Apache license filter: https://bitbucket.org/thetransactioncompany/cors-filter/ src

Crossing sites without JSONP

More articles: