The Cache: Technology Expert's Forum
 
Author Topic: XMLHttpRequest and subdomains  (Read 2864 times)
busin3ss
« on: April 21, 2007, 05:57:06 PM »

Hi! I wrote this script for XMLHttpRequests and it's located on subdomain.mysite.com:
Code:
var xmlhttp;

// Create the request object and start an asynchronous GET for url.
function loadXMLDoc(url) {
    xmlhttp = null;
    if (window.XMLHttpRequest) {
        // Native XMLHttpRequest object
        xmlhttp = new XMLHttpRequest();
    }
    else if (window.ActiveXObject) {
        // ActiveX fallback for older Internet Explorer
        xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
    }
    if (xmlhttp != null) {
        xmlhttp.onreadystatechange = state_Change;
        xmlhttp.open("GET", url, true);
        xmlhttp.send(null);
    }
}

// Called on every readyState change; 4 means the response is complete.
function state_Change() {
    if (xmlhttp.readyState == 4) {
        if (xmlhttp.status == 200) {
            document.write('OK');
        }
    }
}

loadXMLDoc('[clip]subdomain.mysite.com/1.html');

Works perfectly for requesting any file in subdomain.mysite.com

My question is, how can I request a file in mysite.com?

According to Mozilla (www . mozilla.org/projects/security/components/same-origin.html) it can be done, but still I always get a permission denied error

Any suggestions?

Thanks!
« Last Edit: April 21, 2007, 06:17:48 PM by perkiset » Logged

No links in signatures please
joebloggs
« Reply #1 on: April 26, 2007, 11:59:06 AM »

The typical way for sending a request to a different domain is to use a proxy.
For example, if you were on the domain example.org, and you wanted to make a request to an Ajaxy service on example2.org, you'd set up a server-side proxy on example.org and that script passes the request on to example2.org, and when it receives the response from example2.org, sends that back to the browser.

Here are more details, along with some code examples of a proxy:
http://developer.yahoo.com/javascript/howto-proxy.html

There is a second method, which is good enough if you can get by with just GET requests: using the script element. So in JavaScript you create a new script node in the DOM, and then add that to the document. The src attribute would be the full URL, including query string parameters if any. Inserting the script element into the document fires off a request to the actual server. This works as long as that server writes the JavaScript response in a manner that can be reused by the page, like calling a predetermined function with the response data sent as arguments.

So to fire off a new request:

var newRequest = document.createElement('script');
var requestUrl = 'http://www.externalDomain.com/ajaxHandler.php?name=myName&password=myPassword';
newRequest.src = requestUrl;
document.getElementsByTagName('head')[0].appendChild(newRequest);

Then the server side script at http://www.externalDomain.com/ajaxHandler.php returns pure JavaScript:

myPredeterminedFunction({
  status: 'OK',
  message: 'username and password authorised.'
});


That calls a function called myPredeterminedFunction, passing in the object literal as a value, so on our existing page, we'd already have a function:

function myPredeterminedFunction(response) {
 alert(response.message);
}




Logged

No links in signatures please
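
A proxy like the one described in the post above forwards browser requests to another host, so the browser must never get to choose that host. The following is an added example, not code from the thread or the linked article: a target check for such a proxy in Node.js, where `UPSTREAM_ORIGIN`, `PROXY_PREFIX`, `ALLOWED_PATHS` and `upstreamFor` are hypothetical names and the request targets in `demo()` are constructed.

```javascript
// Added example: target validation for a same-site proxy (all names hypothetical).
const UPSTREAM_ORIGIN = 'http://example2.org';       // fixed in server config
const PROXY_PREFIX = '/proxy';                       // assumed route on example.org
const ALLOWED_PATHS = new Set(['/ajaxHandler.php']); // assumed: endpoints the page needs

// Map the browser's request target (path + query) to the upstream URL.
// Returns the URL string to fetch, or null when the request must be refused.
function upstreamFor(requestTarget) {
  if (typeof requestTarget !== 'string' ||
      !requestTarget.startsWith(PROXY_PREFIX + '/')) {
    return null;
  }
  const rest = requestTarget.slice(PROXY_PREFIX.length); // keeps the leading "/"
  let resolved;
  try {
    resolved = new URL(rest, UPSTREAM_ORIGIN + '/');
  } catch (err) {
    return null; // unparseable target
  }
  // Compare after parsing, not by string prefix: a target that starts with
  // "//" or "/\" is read as a new authority and resolves to another host.
  if (resolved.origin !== UPSTREAM_ORIGIN) return null;
  // Userinfo does not change the origin, so it has to be refused separately.
  if (resolved.username !== '' || resolved.password !== '') return null;
  // Relay only the endpoints the page actually uses.
  if (!ALLOWED_PATHS.has(resolved.pathname)) return null;
  return resolved.href;
}

// Constructed request targets, each paired with the decision.
function demo() {
  return [
    '/proxy/ajaxHandler.php?name=myName',
    '/proxy//other.example/ajaxHandler.php',
    '/proxy/\\other.example/ajaxHandler.php',
    '/proxy//user@example2.org/ajaxHandler.php',
    '/proxy/admin.php',
  ].map((target) => [target, upstreamFor(target)]);
}
```

Only the first constructed target is relayed; the proxy would then fetch the returned URL server-side and copy the response back to the browser.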
perkiset
« Reply #2 on: April 26, 2007, 02:10:01 PM »

According to Microsoft (  ROFLMAO ) the spec for XMLHTTPReq is that it must be to the same subdomain, port and protocol - you cannot change any of it.

Some recent experimentation has found that if I even included http://adomain.com/ in the URL for the request (instead of just '/afile.php'), the request died immediately like a stubborn child. All the AJAX dox out there that I come across seem to echo the same: although there have been holes in implementations, they are literally holes, not features.

Sounds like a case for hidden iFrames if you ask me... I just read a pretty good article asserting that AJAX is overhyped and that iFrames are the way to go. I disagree, but there are a lot of good points in the article and it was worth considering in certain applications - cross domain or cross subdomain or even cross-port/protocol pulls to a server are a perfect example, imo. I'll see if I can dig it up...

/p
Logged

It is now believed, that after having lived in one compound with 3 wives and never leaving the house for 5 years, Bin Laden called the U.S. Navy Seals himself.
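
The rule quoted in the reply above (same host, port and protocol) can be checked mechanically. The following is an added example, not part of the thread: it resolves a request URL against the page URL and reports which part of the origin differs. `originParts` and `compareOrigins` are hypothetical names, and the page URL `http://subdomain.mysite.com/index.html` is constructed from the host name in the first post.

```javascript
// Added example: break a URL into the three parts the same-origin rule compares.
function originParts(url) {
  const u = new URL(url);
  // URL.port is '' when the scheme's default port is used, so fill it in.
  const defaultPort = { 'http:': '80', 'https:': '443' }[u.protocol] || '';
  return { scheme: u.protocol, host: u.hostname, port: u.port || defaultPort };
}

// Resolve requestUrl the way the browser would (relative to the page),
// then list every origin component that does not match the page's.
function compareOrigins(pageUrl, requestUrl) {
  const resolved = new URL(requestUrl, pageUrl).href;
  const page = originParts(pageUrl);
  const target = originParts(resolved);
  const differs = ['scheme', 'host', 'port'].filter((k) => page[k] !== target[k]);
  return { resolved, sameOrigin: differs.length === 0, differs };
}

// Constructed cases: the page lives on the subdomain from the first post.
const PAGE = 'http://subdomain.mysite.com/index.html';

function demo() {
  return [
    '/1.html',                                 // relative: inherits the page origin
    'http://subdomain.mysite.com:80/1.html',   // explicit default port, still the same
    'http://mysite.com/1.html',                // parent domain: host differs
    'https://subdomain.mysite.com/1.html',     // scheme and default port differ
    'http://subdomain.mysite.com:8080/1.html', // port differs
  ].map((u) => compareOrigins(PAGE, u));
}
```

The third case is the one from the original question: the parent domain is a different host, so the request is cross-origin even though both names share `mysite.com`.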
perkiset
« Reply #3 on: April 26, 2007, 02:11:43 PM »

Here it is:

http://www.petefreitag.com/item/446.cfm

the article is a bit light, but the discussion is lively.

/p
Logged

It is now believed, that after having lived in one compound with 3 wives and never leaving the house for 5 years, Bin Laden called the U.S. Navy Seals himself.