views:

207

answers:

4

Hello,

I've got an XML file on my serveur, and my parteners have to access it via a javascript i'm coding.

It's working perfectly in local, but as soon as i do :

xmlDoc.async=false;
xmlDoc.load("/export/export.xml");

to

xmlDoc.load("http://www.something.com/export/export.xml");

It stopped working. I know that it's to avoid XSS attack, but there is no point in my case to developp that JS script if they cannot access to my XML file.

So, how to bypass such limitation ?

thanks.

+1  A: 

Depending on the need, one option would be to fully encapsulate everything coming from your site in an independent frame which is loaded from your site, thus making the page doing the loading match the server properly.

Another option would be for the partners to run a server-side script on their server that can fetch the XML file and then pass it through to the client so that it "appears" to be hosted on their server.

There's no way to bypass it on the client side; if there were it would defeat the purpose of restricting it in the first place.

Amber
+1  A: 

I use a proxy on my domain to obtain the information. This can be any server-side script that goes and gets the information from the remote server - that way, all requests are to my local server proxy page.

Sohnee
+3  A: 

Provide your data in JSON-P format instead.

David Dorward
thanks, any idea to convert XML to JSON-P format ?
Tristan
It is generally best to redesign the data structure to better fit the change in format, however http://search.cpan.org/perldoc?XML::Simple + http://search.cpan.org/perldoc?JSON::Any might well do the trick.
David Dorward
thanks you !;)
Tristan
A: 

Here are some workarounds for the SOP (Same Origin Policy) problem here. The post is about jQuery, but the concepts are the same:

Aaron Mc Adam