What would that code look like?
views:
119answers:
6
+1
A:
You can use JSONP. in jQuery, try getJSON: http://api.jquery.com/jQuery.getJSON/
David
2010-02-01 19:42:44
-1 Avoiding cross domain requests seems like very bad advice. How else would you use any of the Google or Yahoo apis... or almost any other JS API for that matter, if cross domain requests should be avoided.
Doug Neiner
2010-02-01 19:48:07
Same origin policy doesn't forbid linking a resource from another server. That's a different matter. Same origin policy: "In a nutshell, the policy permits scripts running on pages originating from the same site to access each other's methods and properties with no specific restrictions, but prevents access to most methods and properties across pages on different sites."
fsb
2010-02-01 19:53:14
@fsb, so why do you suggest that it is "best avoided". Why should cross-domain communication be avoided when there exist technologies to support it.
Doug Neiner
2010-02-01 20:01:57
Doug, it is one thing for an html document to link resources from various places. That's not the same as when a script attempts to connect to a domain that is different from where that script came from. These are two different matters. The former is normal. But some browsers apply SOP and block the latter, e.g. FF2 throws "Error: [Exception... "'Permission denied to call method XMLHttpRequest.open' when calling method: [nsIDOMEventListener::handleEvent]" nsresult: "0x8057001e (NS_ERROR_XPC_JS_THREW_STRING)" location: "<unknown>" data: no]"
fsb
2010-02-01 20:17:25
You cannot use XHMHttpRequest to access cross-domain content. Properly use JSONP and you are golden. (Basically dynamically adding a script tag to the page). See my comment above for a demo of JSONP in action that works in every major browser.
Doug Neiner
2010-02-01 22:15:52
fsb
2010-02-05 20:28:18
@fsb My script references an undefined domain name given for example, so it wouldn't work just copy and paste. The server has to exist and support JSONP. If you tried it without the `callback=?` then it would try a normal XMLHttpRequest and fail.
Doug Neiner
2010-02-05 22:31:59
+1
A:
Have a look at this question - it's about jQuery but the answer is about javascript in general: Why cant I load an external resource from jQuery load method?
Emil Ivanov
2010-02-01 19:44:06
+5
A:
That other domain/server needs to support JSONP, which basically wraps the JSON in a callback.
In jQuery, the call would look like this:
$.getJSON(
'http://otherdomain.com/api/whatever?callback=?',
{ key: 'value', otherkey: true },
function(data){
//handle response
}
);
The actual response from the other server (if you looked at what was actually being sent) would look like this:
// With this url:
http://domain.com/api/method?callback=the_callback_function_name
// The response would look like this:
the_callback_function_name({ "json": "data here"});
The jQuery getJSON method automatically handles JSONP when you supply the extra callback=?. Just keep in mind some sites using different names like json_callback=?. The important part is that you include it as part of the URL and don't try to add callback: '?' to the data part of the getJSON function.
Doug Neiner
2010-02-01 19:45:11
According to the tests I just ran, FF2, IE6 and IE8 (all with default security settings) blocked this method because of Same Origin Policy. FF3.5 and Safari4.0 did not. IE gave "Permission denied" error message. FF2 gave the error message I cited elsewhere on this page.
fsb
2010-02-01 20:32:05
@fsb then you ran an incorrect test. Sorry bud, but JSONP is not blocked in ANY browser currently with any market share to speak of.
Doug Neiner
2010-02-01 22:03:28
@fsb Using your default security settings, run the following page: http://jsbin.com/olixe . It will work in FF2+, Safari 3+, and IE6+ -- no errors or restrictions.
Doug Neiner
2010-02-01 22:14:48
fsb
2010-02-05 20:28:39
@fsb I am sorry I was sarcastic in my reply to you. I do find it funny you are trying to prove a proven technology doesn't work.
Doug Neiner
2010-02-05 22:31:21
+4
A:
Only via JSONP. Whether you use jQuery or some other framework, it boils down to a script block like this:
<script type="text/javascript" src="http://path.to/your/javascript"></script>
The <script> block is immune from cross-domain restrictions. The caveat is that the service should support JSONP as well. If the script returns a JSON object like this:
{a: 0, b: 1}
The object will be evaluated but nothing happens. But JSONP services accept a callback function name something like this
<script type="text/javascript" src="http://path.to/your/javascript?callback=yourCallbackFunction"></script>
and wrap the data as a parameter to your callback like this:
yourCallbackFunction({a: 0, b: 1});
So that the function is called when the script is evaluated.
Chetan Sastry
2010-02-01 19:51:02
A:
Instead you should use a local proxy. Set up a asp.net/php page that will load the remote page on the back end and then use ajax to load the proxy page.
Ariel
2010-02-01 20:53:55