i have in my localhost:8111 a restlet app running. This app have a ServerResource that respond http requests from a javascript api that i'm doing.
This Javascript api is running in my apache in localhost, and i want to do http request to the localhost:8111, but i can't for the cross domain problem.
The restlet response in json, which solution is the best in this case?
Thanks!
The same as any other case.
CORS if you want control and are willing to sacrifice some cross-browser support.
JSON-P if you can live with GET only requests and no security over which sites can trigger the request
A proxy on the same origin if you don't need the final server to get credentials directly from the client
Related
How to send https request to address https://www.googleapis.com/plus/v1/people/me from java script and most important how to get data from server?
I need it to identify users e-mail in my packaged chrome app.
Note that this would violate the same origin policy. Additionally, the whole point of HTTPS is so that the whole page (and request cycle) is secure.
The alternatives would be:
Make the request using JSONP, or
Set up a proxy: let your JS call your own server on the same origin,
which will in turn make an HTTPS request, or
Have an iframe which points to an HTTPS page (on your own server). This page should then be able to make Ajax requests to the server over HTTPS. Using the HTML5 postMessage API, you can then post a message back to the parent window.
I am developing applications using Angular and the client side is 100% JS. I am about to replace an old application made using ExtJS but I will not change the server-side. Only the client-side be re-coded from scratch.
I would like to work on this project from anywhere and any machine but I need to be able to perform cross-domain AJAX queries with the original server (server-side is ASP.NET MVC with IIS and I don't want to install Windows + everything on all the computers I use). Is there a way to do this easily?
Thanks for your ideas!
PS: JsonP is not a solution for me.
Couple of things:
At the end of the day you have to enable CORS in your server.
You can use a CORS proxy https://github.com/gr2m/CORS-Proxy for development. This proxy will actually change the request header of X-Origin which browsers even can but "won't" because of policy. So you will be able to make Cross Origin Requests.
If neither JSONP nor CORS are availble to you as options then you will have to take help of server side scripting.
You can create a method in your server side code and get the response from desired cross domain url and return the response to your javascript function.
You can use CORS (Cross Origin Resource Sharing)
I'm trying to make a webservice call from an html page to the server using XmlHttpRequest. What is the easiest way to get around the cross-domain issue without using a proxy? The remote server takes XML as the request and the response is also in XML. I have access to the server (IIS). I'll need to do GET and POST across the domains. Here's what I've researched so far -
Crossdomain.xml
CORS
JSONP
Is Crossdomain only for for flash players and stuff? CORS kind of seems hard to implement for BOTH client and server. Can JSONP be used for POST?
Thanks for any help.
Edit: I'm trying to run this on a smart device.
It depends on the version of IIS you are using.
At this URL, http://enable-cors.org/ they describe the solutions which you can take to enable Cross Domain access.
For example calling a Data Service www.abc.com/Service from www.zzz.com can be done by enabling a cross domain protocol.
Note that the method for configuring IIS6 and IIS7 / 8 are different.
We have a set of api that we're calling from the same machine, the address is mycompany.com:8080 for the server and mycompany.com for the ajax.html file.
How can we avoid the cross domain policy?
Anyway to do this with some proxy configuration?
please, no JSONP!
Thanks!
Two or more documents can be considered in same domain origin, if they have on
- Same Host
- Same Port
- Same Protocol.
In your case port is different so you can not put ajax query directly. Instead you need to specify following header in response.
Access-Control-Allow-Origin: mycompany.com
For more info, check this
You ask if this can be done with a proxy configuration, and of course that's one simple solution, just have the main server proxy requests to the AJAX server. It's usually simple to set up. But the Same Origin Policy means that you won't be able to do this with a pure client-side solution.
I'm trying to access a SOAP web service on another server using ajax but I'm getting an Access Control Allow Origin error. The web service returns XML so JSONP can't be used and the web service is also being used in another app so modifications is probably the last option. Any solutions?
If you can't do JSONP, then your options are:
Craete a server proxy at the domain of the page that can fetch the desired result from the other domain and relay it to you from the allowed domain.
If you're willing to limit your browser support to some modern browsers, then you can investigate Cross Origin Resource Sharing (CORS) which is a "safer" way to do cross-domain requests. You can read about it here.
Cross-domain ajax support via Flash which requires the placement of an appropriate cross-domain policy file on the host of the server you want to access. See here and here for some more info.
You can set up a server proxy at the domain of the page.
This page would then call the soap web-service and give you back the response.
This page can then be called via ajax from ui.
Found the probably most easiest way by using Ajaxpro 2, of course it's meant for .NET. http://www.ajaxpro.info/
otherwise, jfriend00's suggestions are the next best options.