We have a set of APIs that we're calling from the same machine; the address is mycompany.com:8080 for the server and mycompany.com for the ajax.html file.
How can we avoid the cross domain policy?
Any way to do this with some proxy configuration?
Please, no JSONP!
Thanks!
Two or more documents can be considered to be in the same domain origin if they have:
- Same Host
- Same Port
- Same Protocol.
In your case the port is different, so you cannot make the AJAX query directly. Instead, you need to specify the following header in the response.
Access-Control-Allow-Origin: mycompany.com
For more info, check this
You ask if this can be done with a proxy configuration, and of course that's one simple solution, just have the main server proxy requests to the AJAX server. It's usually simple to set up. But the Same Origin Policy means that you won't be able to do this with a pure client-side solution.
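The proxy approach from the answer above, sketched for a Node.js main server; this is an added example, not code from the original posts. The `/api/` prefix, the loopback upstream address and the `--listen` switch are assumptions.

```javascript
// Assumed layout: the main server on mycompany.com forwards /api/* to the
// API listening on port 8080 of the same machine.
const UPSTREAM = { host: '127.0.0.1', port: 8080 };
const PREFIX = '/api/';
// Hop-by-hop headers describe a single connection and are not forwarded.
const HOP_BY_HOP = new Set(['connection', 'keep-alive', 'proxy-authorization',
  'te', 'trailer', 'transfer-encoding', 'upgrade']);

// Map an incoming request to upstream request options, or null when the path
// is outside the proxied prefix. The upstream host is fixed, never client-chosen.
function upstreamOptions(method, url, headers) {
  const u = new URL(url, 'http://proxy.invalid'); // base is used for parsing only
  if (!u.pathname.startsWith(PREFIX)) return null; // "/api/../x" is normalized first
  const fwd = {};
  for (const [name, value] of Object.entries(headers)) {
    const key = name.toLowerCase();
    if (key !== 'host' && !HOP_BY_HOP.has(key)) fwd[name] = value;
  }
  fwd.host = `${UPSTREAM.host}:${UPSTREAM.port}`;
  const path = u.pathname.slice(PREFIX.length - 1) + u.search;
  return { ...UPSTREAM, method, path, headers: fwd };
}

// Request handler: the browser only ever talks to the page's own origin.
function proxyHandler(req, res) {
  const opts = upstreamOptions(req.method, req.url, req.headers);
  if (!opts) { res.writeHead(404); return res.end(); } // static files would go here
  const up = require('http').request(opts, (upRes) => {
    res.writeHead(upRes.statusCode, upRes.headers);
    upRes.pipe(res);
  });
  up.on('error', () => {
    if (!res.headersSent) res.writeHead(502);
    res.end();
  });
  req.pipe(up);
}

// Start with: node proxy.js --listen
if (process.argv.includes('--listen')) {
  require('http').createServer(proxyHandler).listen(80);
}
```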
I am doing a JavaScript-only assignment. I was provided an Ubuntu machine and would like to spin up a container with Node.js serving the HTML, CSS and JavaScript. Then I would like another container with the backend API. Since this is all happening on the same server or IP, is it possible to have no cross-origin calls?
See the Same-origin policy:
Two URLs have the same origin if the protocol, port (if specified), and host are the same for both.
You can't have two different services listening on the same port, so even if your static content and API servers shared an IP address, they would have to run on different ports.
So you would either need to configure CORS for the API server, or configure your static content server to proxy requests to the API server.
You would need to provide the correct CORS settings on your backend API; CORS does take into account port numbers. See this post for reference: CORS error on same domain?
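A sketch of the CORS settings these answers call for, written as a Node.js request handler for the API server; it is an added example, not code from the original posts. The `http://` scheme, the allow-list contents, the JSON body and the `--listen` switch are assumptions; the browser compares the full origin (scheme, host and port), so the port matters here too.

```javascript
// Origins allowed to read API responses (assumed: the static site on port 80).
const ALLOWED_ORIGINS = new Set(['http://mycompany.com']);
const ALLOWED_METHODS = 'GET, POST';

// Decide the CORS response headers for one request's Origin header.
function corsHeaders(origin) {
  // Vary keeps shared caches from replaying one origin's answer to another.
  const headers = { Vary: 'Origin' };
  if (origin && ALLOWED_ORIGINS.has(origin)) {
    // Echo the exact origin string: no wildcard, no substring matching.
    headers['Access-Control-Allow-Origin'] = origin;
  }
  return headers;
}

// Handler for http.createServer on the API port (8080 in the first question).
function apiHandler(req, res) {
  const headers = corsHeaders(req.headers.origin);
  const allowed = 'Access-Control-Allow-Origin' in headers;
  if (req.method === 'OPTIONS') {
    // Preflight: state the permitted methods and headers, send no body.
    if (allowed) {
      headers['Access-Control-Allow-Methods'] = ALLOWED_METHODS;
      headers['Access-Control-Allow-Headers'] = 'Content-Type';
      headers['Access-Control-Max-Age'] = '600';
    }
    res.writeHead(allowed ? 204 : 403, headers);
    return res.end();
  }
  headers['Content-Type'] = 'application/json';
  res.writeHead(200, headers);
  res.end(JSON.stringify({ ok: true }));
}

// Start with: node api.js --listen
if (process.argv.includes('--listen')) {
  require('http').createServer(apiHandler).listen(8080);
}
```

A request from an origin outside the list still reaches the handler; the browser only withholds the response from the calling script, so the API needs its own authentication.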
I am developing applications using Angular and the client side is 100% JS. I am about to replace an old application made using ExtJS but I will not change the server-side. Only the client side will be re-coded from scratch.
I would like to work on this project from anywhere and any machine but I need to be able to perform cross-domain AJAX queries with the original server (server-side is ASP.NET MVC with IIS and I don't want to install Windows + everything on all the computers I use). Is there a way to do this easily?
Thanks for your ideas!
PS: JsonP is not a solution for me.
Couple of things:
At the end of the day you have to enable CORS in your server.
You can use a CORS proxy https://github.com/gr2m/CORS-Proxy for development. This proxy will actually change the request header of X-Origin which browsers even can but "won't" because of policy. So you will be able to make Cross Origin Requests.
If neither JSONP nor CORS is available to you as an option, then you will have to rely on server-side scripting.
You can create a method in your server-side code that gets the response from the desired cross-domain URL and returns the response to your JavaScript function.
You can use CORS (Cross Origin Resource Sharing)
I'm trying to make a webservice call from an html page to the server using XmlHttpRequest. What is the easiest way to get around the cross-domain issue without using a proxy? The remote server takes XML as the request and the response is also in XML. I have access to the server (IIS). I'll need to do GET and POST across the domains. Here's what I've researched so far -
Crossdomain.xml
CORS
JSONP
Is Crossdomain only for Flash players and stuff? CORS kind of seems hard to implement for BOTH client and server. Can JSONP be used for POST?
Thanks for any help.
Edit: I'm trying to run this on a smart device.
It depends on the version of IIS you are using.
At this URL, http://enable-cors.org/ they describe the solutions which you can take to enable Cross Domain access.
For example calling a Data Service www.abc.com/Service from www.zzz.com can be done by enabling a cross domain protocol.
Note that the methods for configuring IIS6 and IIS7/8 are different.
I have a Restlet app running on my localhost:8111. This app has a ServerResource that responds to HTTP requests from a JavaScript API that I'm developing.
This JavaScript API is running on my Apache on localhost, and I want to make HTTP requests to localhost:8111, but I can't because of the cross-domain problem.
The Restlet app responds in JSON; which solution is best in this case?
Thanks!
The same as any other case.
CORS if you want control and are willing to sacrifice some cross-browser support.
JSON-P if you can live with GET only requests and no security over which sites can trigger the request
A proxy on the same origin if you don't need the final server to get credentials directly from the client
I have a server on our company intranet that runs JBoss. I want to send API calls to this server from my machine, also on the intranet, and get the resulting XML responses using JQuery.
I read the entry on Wikipedia but am confused how that applies to my situation, since our machines only have IP addresses, not domain names.
I have
server URL: 10.2.200.3:8001/serviceroot/service
client IP address: 10.2.201.217
My questions are:
As far as I understand these are different domains, right? So I have to use a proxy to issue JQuery.ajax calls to the server
If I want to avoid doing (2), can I install Apache on the server and serve the page with JS code from there? But then the JS will be from 10.2.200.3 and the server is at 10.2.200.3:8001. Aren't these considered different domains according to policy?
Thanks!
Yes.
Yes, different ports mean different origins. This is something that most browsers have done in JS for a while, but it is explicitly described in the HTML5 draft, which is referenced by the XMLHttpRequest draft.
If A and B have port components that are not identical, return false.
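The port comparison quoted above, worked through for the addresses in this question; this is an added example that is not part of the original answer. The `http://` scheme and the page paths are assumptions, since the question gives only IP addresses and a port.

```javascript
// Default ports let "http://host" and "http://host:80" compare equal.
const DEFAULT_PORTS = { 'http:': '80', 'https:': '443' };

// Reduce a URL to the (scheme, host, port) tuple the policy compares.
function originTuple(url) {
  const u = new URL(url);
  return {
    scheme: u.protocol,
    host: u.hostname,
    port: u.port || DEFAULT_PORTS[u.protocol] || '',
  };
}

// Return null when both URLs share an origin, otherwise the name of the
// first component that differs.
function originMismatch(a, b) {
  const x = originTuple(a);
  const y = originTuple(b);
  for (const part of ['scheme', 'host', 'port']) {
    if (x[part] !== y[part]) return part;
  }
  return null;
}

// Constructed URLs built from the addresses in the question.
const page = 'http://10.2.200.3/page.html';            // page served by Apache
const api = 'http://10.2.200.3:8001/serviceroot/service';

console.log(originMismatch(page, api));                                // "port"
console.log(originMismatch(page, 'http://10.2.200.3:80/other.html'));  // null
console.log(originMismatch('http://10.2.201.217/', api));              // "host"
```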
If the port or address is different, they are different domains. If you need to access information from what is effectively another server you really have two options. One is to write some sort of reverse proxy to pass your requests from the same origin server to the secondary server.
Alternatively, if you are in control of the secondary target, and there's no security risk in providing direct access, you could consider adjusting the secondary server to emit JSON-P responses.