busin3ss

Hi! I wrote this script for XMLHttpRequests and it's located on subdomain.mysite.com:
var xmlhttp;
function loadXMLDoc(url) {
xmlhttp = null;
if (window.XMLHttpRequest) {
xmlhttp = new XMLHttpRequest();
}
else if (window.ActiveXObject) {
xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
}
if (xmlhttp!=null) {
xmlhttp.onreadystatechange=state_Change;
xmlhttp.open("GET",url,true);
xmlhttp.send(null);
}
}
function state_Change() {
if (xmlhttp.readyState==4) {
if (xmlhttp.status==200) {
document.write('OK');
}
}
}
loadXMLDoc('[clip]subdomain.mysite.com/1.html');


Works perfectly for requesting any file in subdomain.mysite.com

My question is, how can I request a file in mysite.com?

According to Mozilla (www . mozilla.org/projects/security/components/same-origin.html) it can be done, but still I always get a <>permission denied error

Any suggestions?

Thanks!

joebloggs

The typical way for sending a request to a different domain is to use a proxy.
For example, if you were on the domain example.org, and you wanted to make a request to an

Ajax

 y service on example2.org, you'd set up a server-side proxy on example.org and that script passes the request on to example2.org, and when it receives the response from example2.org, sends that back to the browser.

Here's more details, along with some code examples of a proxy:
http://developer.yahoo.com/

javascript

 /howto-proxy.html

There is a second method, which is good enough if you can get by with just GET requests, that's using the script element. So in

javascript

  you create a new script node in DOM, and then add that to the document. The src attribute would be the full URL including query string parameters if any. By inserting the script element into the document fires off a request to the actual server. As long as that server writes the

JavaScript

  response in a manner that can be reused by the page - like calling a predetermined function with the response data sent as arguments.

So to fire off a new request:

var newRequest = document.createElement('script');
var requestUrl = 'http://www.externalDomain.com/

ajax

 Handler.

php

 ?name=myName&password=myPassword';
newRequest.src = requestUrl;
document.getElementsByTag('head')[0].appendChild(newRequest);

Then the server side script at http://www.externalDomain.com/

ajax

 Handler.

php

  returns pure

JavaScript

 :

myPredeterminedFunction({
  status: 'OK',
  message: 'username and password authorised.'
});


that calls a function called myPrederminedFunction, passing in the object literal as a value, so on our existing page, we'd already have a function:

function myPredeterminedFunction(response) {
alert(response.message);
}




perkiset

According to Microsoft (  Applause ) the spec for XMLHTTPReq is that it must be to the same subdomain, port and protocol - you cannot change any of it.

Some recent experimentation has found that if I even included http://adomain.com/ in the URL for the request (instead of just '/afile.

php

 ' - the request died immediatly like a stubborn child. All the

AJAX

  dox out there that I come across seem to echo the same - although there have been holes in implementations, they are literally holes not features.

Sounds like a case for hidden iFrames if you ask me... I just read a pretty good article asserting that

AJAX

  is overhyped and that iFrames are the way to go. I disagree, but there are a lot of good points in the article and it was worth considering in certain applications - cross domain or cross subdomain or even cross-port/protocol pulls to a server are a perfect example, imo. I'll see if I can dig it up...

/p

perkiset

Here it is:

http://www.petefreitag.com/item/446.cfm

the article is a bit light, but the discussion is lively.

/p


Perkiset's Place Home   Politics @ Perkiset's