ansaurus

Question

JQuery Cross-Domain .load() (self-constructing widget)

Answer 1

+2 A:

It depends on what url you are specifying in the load function. If this url is not hosted on the same domain that executes the page containing this script won't work due to same origin policy restriction. One possible workaround to make cross domain ajax calls is to use JSON-P if you have control over the server side script which is used in the load function.

Here's the idea behind JSON-P:

You provide a server side script hosted on Domain A which will return JSONP formatted response. Domain A is your domain for which you have full control.
This server side script could be called from Domain B using AJAX.

Let's suppose that http://domainA.com/myscript?jsoncallback=foo returns the following response:

foo({ result: '<strong>Hello World</strong>' });

Now inside mywidget.js you could call this script:

$.getJSON('http://domainA.com/myscript?jsoncallback=?', function(data) {
    $('#my_widget').html(data.result);
});

All that is left is to tell the users include mywidget.js script and provide a placeholder with id="my_widget" to host the results (you could even generate this placeholder in the success callback).

Remark: When using JSONP you are limited to GET requests only. This means that there's a limit in the size of the request you can send.

Darin Dimitrov 2010-10-08 08:56:15

It seems like he's letting people put that `<script>` on their site... so his code is executed on their site... there's no *same origin policy* thing.. it's just executing his code, which is a standard thing that lots of people do.

Luca Matteis 2010-10-08 08:59:18

Except that in his widget he is using the `.load` method to perform an AJAX request.

Darin Dimitrov 2010-10-08 09:03:21

see my response below Luca, i'm pretty sure darin is right here, i think i need some advise for using jsonp

Haroldo 2010-10-08 09:06:15

or just an iframe, like you specified in your question.

Luca Matteis 2010-10-08 09:07:46

Answer 2

A:

You have total control of their page since you're executing your code on their site.

You can create iframes document.createElement("iframe"), inject it anywhere on the page document.getElementById("my_widget").appendChild(iframe) and do whatever else you feel like.

One thing to be careful with this is to not clutter their namespaces... avoid any usual namespace and make up your own (__my_widget or whatever else is weird). And try to keep the namespaces counts as low as 1, or even none if possible.

Don't use load, use an iframe if you're just trying to load html from your site.

Luca Matteis 2010-10-08 08:57:06

the content is not composed inside the mywidget.js file, the js file uses ajax to load in html from my server to their website

Haroldo 2010-10-08 09:05:09

don't use ajax, use an iframe like you specified.

Luca Matteis 2010-10-08 09:06:46

i specified i do not want to directly include an iframe...

Haroldo 2010-10-08 12:15:58

You dont need to give the iframe code to your costumer.. you need your JS to dynamically create the iframe for you and change it's `src` attribute to point to your page on your domain...

Luca Matteis 2010-10-08 14:50:00

ansaurus

tags:

views:

answers:

JQuery Cross-Domain .load() (self-constructing widget)

related questions