Is it possible to read JSON feed available in another site which is HTTPS?
I'm getting empty string in return.
It is possible as long as you respect the same origin policy. For cross domain AJAX you could use JSON/P or if you don't have control over the distant domain and it doesn't expose a JSON/P data you might need to setup a server side script on your domain that will act as a bridge between both domains.
You also want to check out CORS
http://hacks.mozilla.org/2009/07/cross-site-xmlhttprequest-with-cors/
Related
Hello i need to retrieve page source from site1.com to site2.com
I tried file_getcontents of php but my site is dynamic and unique for each users.
so i need to request page source using JAVASCRIPT
You can not do it because of the same origin policy unless the page and browser supports CORS.
like epascarello said, you can't due to the same origin policy. If you control both sites, you can use CORS to achieve it.
If you don't the best bet is to make requests to the domain you control, and have your server fetch what you need from the other url. It's called proxying. It's not that difficult to do.
I'm trying to access a SOAP web service on another server using ajax but I'm getting an Access Control Allow Origin error. The web service returns XML so JSONP can't be used and the web service is also being used in another app so modifications is probably the last option. Any solutions?
If you can't do JSONP, then your options are:
Craete a server proxy at the domain of the page that can fetch the desired result from the other domain and relay it to you from the allowed domain.
If you're willing to limit your browser support to some modern browsers, then you can investigate Cross Origin Resource Sharing (CORS) which is a "safer" way to do cross-domain requests. You can read about it here.
Cross-domain ajax support via Flash which requires the placement of an appropriate cross-domain policy file on the host of the server you want to access. See here and here for some more info.
You can set up a server proxy at the domain of the page.
This page would then call the soap web-service and give you back the response.
This page can then be called via ajax from ui.
Found the probably most easiest way by using Ajaxpro 2, of course it's meant for .NET. http://www.ajaxpro.info/
otherwise, jfriend00's suggestions are the next best options.
I have the main website hosted by a reliable static web hosting service. Which only allow me to host static files like html, css, js etc. Now I have few requirements which would need user Login and data storage. I think I can handle this using App Engine Python.
My app is similar to a Voting module, So i will explain it using its example.
My plan is to configure things something like this:
main website: www.example.com
appengine: gae.example.com
On the main website an anonymous user visits: http://www.example.com/vote.html, he should see current voting status (which has been retrieved from app engine). and a login button (from twitter/facebook). when he logins, he should be able to cast his vote and the vote be saved back to the appengine server.
I can handle most of the things but two. (taking same origin policy into account.)
How do I maintain authentication between two domain names. i.e. www.example.com and gae.example.com.
How do I make HTTP POST request to the gae.example.com from www.example.com and use the returned json data.
Note: I want to avoid iframes as much as possible.
You need to use JSONP.
Subdomains actually violate the same origin policy. This is because some hosted solutions provide subdomains for different users. This would allow users to attack each other's sites.
See: Same Origin Policy - AJAX & using Public APIs
You can maintain login between the two sub-domains by making sure that the login cookie is set on the root domain with subdomain access allowed. The sub-domains will be able to access the cookies of the root domain. See https://serverfault.com/questions/153409/can-subdomain-example-com-set-a-cookie-that-can-be-read-by-example-com for some examples.
I don't believe you can make ajax calls directly to another sub-domain. If the target sub-domain is cooperating and supports JSONP, you can do it that way (you end up inserting a script tag with a call to a script and that script calls you back with the data). Because the loading of scripts isn't subject to the same origin policy, you can work around it, but the target sub-domain has to be configured to allow and support JSONP.
I've been reading about the JavaScript Client Library for Google Data Protocol and it seems that it can access any Google service that has a proper interface (Docs, Spreadsheets, Calendar etc.)
If I use this client in my own application hosted on my own domain, how does the js client library get around the same-origin-policy that seems to be violated? Is it because the client library code itself is hosted on the Google top level domain that this works?
THe same-origin policy does not stop your Javascript from making requests to other sites (which respond e.g. in XML or JSON, as google data does) and receiving and processing the resulting data. Rather, to quote this page,
The same origin policy prevents a
document or script loaded from one
origin from getting or setting
properties of a document from another
origin.
Since no such "getting or setting properties of a document" occurs in google data, the same-origin policy does not impede it.
They might be using JSONP to get around it:
What is JSONP all about?
Or they could be using the 'Access-Control-Allow-Origin' header.
Is there a way without using a server proxy to perform a cross domain GET or POST request?
If you are with only the current day browsers and have control over the external domain, you can use Cross-Origin Resource Sharing [CORS]
Most people do not have that luxury so you either have to use JSON with Padding [JSONP] or you need to use a serverside proxy.
As far as I know, there is no way to make a cross-domain request in JS, but you could just query your server and make the request from there.
Edit: as Russ Cam said above, look into JSONP.
Using YQL is an easy way of doing cross domain ajax. You can specify to have a JSON or XML object returned. IBM has a good tutorial: http://www.ibm.com/developerworks/web/library/wa-aj-jsonp2/index.html
Though just search for yql cross domain and it'll bring up numerous tutorials.
You could use Flash. Flash allows you to make a cross-domain request to another server provided that it serves a Flash cross-domain policy file (an XML file). So you will need administrative access to the other server in order to set that up.
If you think this option might be what you're looking for or you want to do SSL/TLS cross-domain, check out the opensource Forge project:
http://github.com/digitalbazaar/forge/blob/master/README
AJAX Cross Domain is a low-cost library that allows to perform cross-domain AJAX requests. http://www.ajax-cross-domain.com/