Cross-site XMLHttpRequest

by

Will some.js be able to use XMLHttpRequest to post data to abc.com? In other words, is abc.com implicitly trusted because we loaded Javascript from there?

No, because the script is loaded on to a seperate domain it will not have access…

If you trust the data source then maybe JSONP would be the better option. JSONP involves dynamically adding new SCRIPT elements to the page with the SRC set to another domain, with a callback set as a parameter in the query string. For example:

function getJSON(URL,success){
    var ud = 'json'+(Math.random()*100).toString().replace(/\./g,'');
    window[ud]= function(o){
        success&&success(o);
    };
    document.getElementsByTagName('body')[0].appendChild((function(){
        var s = document.createElement('script');
        s.type="text/javascript";
        s.src = URL.replace('callback=?','callback='+ud);
        return s;
    })());
}

getJSON('http://YOUR-DOMAIN.com/script.php?dataName=john&dataAge=99&callback=?',function(data){
    var success = data.flag === 'successful';
    if(success) {
        alert('The POST to abc.com WORKED SUCCESSFULLY');
    }
});

So, you’ll need to host your own script which could use PHP/CURL to post to the abc.com domain and then will output the response in JSONP format:

I’m not too great with PHP, but maybe something like this:

<?php
    /* Grab the variables */
    $postURL = $_GET['posturl'];
    $postData['name'] = $_GET['dataName'];
    $postData['age'] = $_GET['dataAge'];

    /* Here, POST to abc.com */
    /* MORE INFO: http://uk3.php.net/curl & http://www.askapache.com/htaccess/sending-post-form-data-with-php-curl.html */

    /* Fake data (just for this example:) */
    $postResponse="blahblahblah";
    $postSuccess = TRUE;

    /* Once you've done that, you can output a JSONP response */
    /* Remember JSON format == 'JavaScript Object Notation' - e.g. {'foo':{'bar':'foo'}} */
    echo $_GET['callback'] . '({';
    echo "'flag':' . $postSuccess . ',";
    echo "'response':' . $postResponse . '})";

?>

So, your server, which you have control over, will act as a medium between the client and abc.com, you’ll send the response back to the client in JSON format so it can be understood and used by the JavaScript…

More Related Contents:

  1. How can I upload files asynchronously with jQuery?
  2. No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ‘…’ is therefore not allowed access
  3. Add a “hook” to all AJAX requests on a page
  4. Upload file with Ajax XMLHttpRequest
  5. Why am I seeing an “origin is not allowed by Access-Control-Allow-Origin” error here? [duplicate]
  6. HTTP HEAD Request in Javascript/Ajax?
  7. Prevent redirection of Xmlhttprequest
  8. Why am I seeing an “origin is not allowed by Access-Control-Allow-Origin” error here? [duplicate]
  9. How to intercept all http requests including form submits
  10. Show a progress bar for downloading files using XHR2/AJAX
  11. WebKit “Refused to set unsafe header ‘content-length'”
  12. How to get response url in XMLHttpRequest?
  13. Fetch API vs XMLHttpRequest
  14. AJAX File Upload with XMLHttpRequest
  15. loading json data from local file into React JS
  16. Intercept fetch() API requests and responses in JavaScript
  17. XMLHttpRequest (Ajax) Error
  18. How can I modify the XMLHttpRequest responsetext received by another function?
  19. XMLHttpRequest to Post HTML Form
  20. Is it possible for XHR HEAD requests to not follow redirects (301 302)
  21. Cross-Origin XMLHttpRequest in chrome extensions
  22. How to Detect Cross Origin (CORS) Error vs. Other Types of Errors for XMLHttpRequest() in Javascript
  23. Ajax – 500 Internal Server Error
  24. responseXML always null
  25. Microsoft Edge blocked cross-domain requests sent to IPs in same private network CIDR
  26. Reuse XMLHttpRequest object or create a new one?
  27. Phantom JS synchronous AJAX request : NETWORK_ERR: XMLHttpRequest Exception 101
  28. Differentiating Between an AJAX Call / Browser Request
  29. Adding X-CSRF-Token header globally to all instances of XMLHttpRequest();
  30. XMLHttpRequest testing in Jest

Leave a Comment