views:

7068

answers:

7

I need to temporally allow cross domain XMLHttpRequest. Changing firefox security setting seems to be the way to go. But I've tried with this and this but they didnt work. Has anyone been able to configure this before? Thanks.

+2  A: 

Have you tried using jQuery's ajax request? As of version 1.3 jQuery supports certain types of cross domain ajax requests.

Quoting from the reference above:

Note: All remote (not on the same domain) requests should be specified as GET when 'script' or 'jsonp' is the dataType (because it loads script using a DOM script tag). Ajax options that require an XMLHttpRequest object are not available for these requests. The complete and success functions are called on completion, but do not receive an XHR object; the beforeSend and dataFilter functions are not called.

As of jQuery 1.2, you can load JSON data located on another domain if you specify a JSONP callback, which can be done like so: "myurl?callback=?". jQuery automatically replaces the ? with the correct method name to call, calling your specified callback. Or, if you set the dataType to "jsonp" a callback will be automatically added to your Ajax request.

tvanfosson
we are using this to retrieve json data, but this is html that gets incorporated in the page and it's only temporal, so changing firefox config should be the simplest thing to do
Pablote
Why the downvote? Using a framework's cross domain capabilities is a reasonable response to this question. The fact that HTML was required wasn't mentioned in the question, just in the comment to my response.
tvanfosson
A: 

I've tried using that 'UniversalBrowswerRead' thing too and it didn't work. You might be able to add an 'allow' header, but I haven't actually tried doing it yet. It's pretty new.

You can find more information here

Steve Willard
A: 

What about using something like mod_proxy? Then it looks to your browser like the requests are going to the same server, but they're really being forwarded to another server.

sjbotha
+4  A: 

Here is the thing, there is no way to "temporarily" disable cross-domain XMLHttpRequest, if you can disable it temporarily then it can be disabled permanently. This is a rather common problem in the modern-day of AJAX programming and is most often solved using the technique known as cross-domain scripting.

The idea here being is that if you call out to a cross-domain script it returns JavaScript (JSON) results that are then passed on to a function on your end.

Here is some sample code to illustrate how it may look from a JavaScript code perspective:

  function request_some_data() {
    var s = "http://my.document.url.com/my_data?p1=v1&p2=v2&callback=myfunc";

      try {
        try{
          document.write("<scr"+"ipt type='text/javascript' src='"+s+"'></scr"+"ipt>");
        } 
        catch(e){
          var x = document.createElement("script");
          x.src = s;
          document.getElementsByTagName("head")[0].appendChild(x);
        }
      }
      catch (e) {
        alert(e.message);
      }
   }

You will then define a function in your code that receives the data and in the server you "handle" the callback case, here is the client-side JavaScript:

function myfunc(data) {
  alert(data);
}

And on the server side, here i'm giving a PHP example but this can be done just as easily in Java or what-ever your server-side technology is:

<?php
   if($_GET["callback"]) {
     print($_GET["callback"] . "(");
   }
   /* place your JSON object code/logic here */
   if($_GET["callback"]) {
     print(");");
   }
 ?>

Note that what you are generating on the server side winds up being some JavaScript that gets executed on the client side.

Michael
A: 

Hi, I am struck in the same problem.

I want to make an Ajax call to cross domain. Its working fine on IE not on firefox & safari.

Please let me know how to resolve it.
+3  A: 

For firefox 3.5 / safari 4, u may try the approach of following:

https://developer.mozilla.org/en/HTTP_access_control

In short, you need to add the following into the SERVER response header (the following allows access FROM foo.example):

Access-Control-Allow-Origin: http://foo.example
Access-Control-Allow-Methods: POST, GET, OPTIONS
Access-Control-Allow-Headers: X-PINGOTHER
Access-Control-Max-Age: 1728000

Note that the 'X-PINGOTHER' is the custom header that is inserted by javascript, and should differ from site to site.

If you want any site access your server in ajax, use '*' instead.

Walty
A: 

I'm facing this from localhost. I'd like to query two servers from an HTML file residing on my own disk, therefore there isn't an intermediate server involved, at all.

In my understanding, this particular case is not a safety concern, but only Safari allows this.

Here is the best discussion I've found of the issue.

akauppi