Answer the question
In order to leave comments, you need to log in
S
S
ShimON2011-03-05 19:53:27
ShimON, 2011-03-05 19:53:27
Cross Domain XmlHttpRequest
Good afternoon friends.
I've been struggling with this issue all day today. Initial task:
When running on site.com, send a POST request (even a response is not required) to xxx.site.com. As a last resort, I am ready to limit myself to the Google Chrome browser.
It would seem that the task is no longer new, a lot of materials have been written on the topic, but something does not work ...
So, what I have already tried:
- change document.domain before sending. As it turned out, you can change from xxx.site.com to site.com, but not back...
- create an iframe with src="xxx.site.com", and then inside it add a script tag to the model home, which will contain the logic for sending XmlHttpRequest. And this option has already almost, almost worked, as for reasons I do not understand, xhr.readystatechange is called once and readyState=1 ... The code is something like this:
var iframe = $( '<iframe src="xxx.site.com" style="display:none;"></iframe>' ).appendTo( document .body);
var iDoc = iframe.get(0).contentDocument;
varscript = iDoc.createElement( "script" );
script.setAttribute( "type" , "text/javascript" );
script.innerHTML =
"function postIt() {" +
"var xhr = new XMLHttpRequest();" +
"xhr.onreadystatechange = function(data) {" +
"alert(xhr.readyState);" +
"if (xhr.readyState == 4) {" +
" if (xhr.status == 200) {" +
"alert(data.toString());" +
" } else {" +
" alert(xhr.error);" +
"}" +
"}};" +
"var url = \"xxx.site.com\";" +
"var postParams = \"a=1&b=1\"" +
"xhr.open(\"POST\", url, true);" +
"xhr.setRequestHeader(\"Content-Type\", \"application/x-www-form-urlencoded;\");" +
"xhr.send(postParams);" +
"}" +
"postIt();" ;
iDoc.body.appendChild(script);
* This source code was highlighted with Source Code Highlighter .
- Also considered a method with YQL - did not fit
Any other ideas on how to overcome this?
8 answer(s)
@ShimON
@philpirj
@ShimON
@Serator
@Dzen_Marketing
@pluseg
K
Konstantin Kitmanov, 2011-03-05 @ShimON
So do you need an answer or not?
If there is no task to get an answer, then:
- create a hidden iframe with the attribute name="blahblah"
- set the form attribute target="blahblah"
- PROFIT!
P
philpirj, 2011-03-05 @philpirj
In someone else's iframe, no one will write js according to the security policy.
To solve the problem, I can advise you to redo the server logic of xxx.site.com so that GET is perceived as well as POST, and use JSONP.
The second option can be used if the xxx.site.com logic is not corrected: make a resource on your host to which to send POST, and make an HTTP request from the site.com server to the xxx.site.com server.
You can also try to make a hidden form, set its action to " xxx.site.com ", add inputs with the desired name and value, and fire the form submit. Not sure if this will work everywhere.
S
ShimON, 2011-03-05 @ShimON
Not suitable, unfortunately, because. xxx.site.com checks Origin, and the browser puts site.com in Origin
S
Sererator, 2011-03-05 @Serator
I didn’t do it myself, but everything works fine on hacks.mozilla.org/2009/07/cross-site-xmlhttprequest-with-cors/ (I look in Firefox 4 beta 12, Chrom is not at hand). There are examples that you can "feel". + article ( developer.mozilla.org/en/HTTP_access_control ) on MDN (MDC) which should help resolve the issue.
D
Dzen_Marketing, 2011-03-05 @Dzen_Marketing
Try the methods from this comment habrahabr.ru/blogs/webdev/114432/#comment_3692960
M
Max Kuznetsov, 2011-03-05 @pluseg
Probably already studied, but still - javascript.ru/ajax/cross-domain-scripting .
Similar questions
L
L
T
TrainHard2015-09-27 17:26:38
What are the differences between these constructs in JavaScript?
1Reply
A
J
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question