jackjohnson44
cross domain scripting, is there a way around it?
I have a webpage that uses an api webservice to get info. The calls are to a different domain than my page so I get errors like below. I have no control over the webservice so I can't alter it at all. I found some links that mention using jsonp, which I tried but the webservice does not respond to. I know I can do things to the browser, but I want it to work for anyone. Is there a creative way around this like by doing it on another page and lazy loading it? I am really not sure, but there must be a way. I can see in fiddler that the call returns the xml correctly, but the js still errors.
Error:
No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access.
return $.ajax({
    url: loginUrl,
    contentType: "application/x-www-form-urlencoded",
    //dataType: "xml", //IT WILL WORK WITH OMITTED BUT WORKS WITH TOO
    //dataType: 'jsonp', //IT WON'T WORK WITH JSONP
    data: postData,
    async: true,
    type: "POST", //NEED POST FOR THE WEBSERVICE TO RETURN A VALID RESPONSE IN FIDDLER
    //contentType: 'application/json', //DOES NOT WORK WITH
});
ASKER
The page I am posting to? I don't have access to that server.
Or you use the proxy method.
ASKER
Thanks but that isn't really helpful at all. I can't change the webservice like I mentioned and the term "proxy method" is not a solution. Does anyone else have any advice?
The only option is JSONP but you already said it won't work with JSONP
Misread one of your earlier comments, you need to add the headers to your server to say it's ok to request the other domain.
ASKER
I tried adding this header which does actually add and I can verify in fiddler. I get the same error below. It looks like that header needs to be on the webservice not my code.
XMLHttpRequest cannot load https://xxxx.com/apps/100/LogIn. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:3000' is therefore not allowed access.
test:
headers in code
after_filter :set_access_control_headers
def set_access_control_headers
  headers['Access-Control-Allow-Origin'] = 'http://localhost:3000/'
  headers['Access-Control-Request-Method'] = '*'
end
Then you need to contact the webservice author - there is no other way around it.
ASKER
Anyone else?
You've been given the only 3 possible solutions, there is no other solution.
ASKER
Thanks, but you are really not helping at all, and I'd appreciate it if you could not answer any more. You suggested adding a header to the page that I was on which did not work. You obviously did not try this or know it to be true and it was a waste of time. You also suggested something that I stated in my question was not possible. This is a forum for answers, not for people to have conversations with. You have no business answering this question. You also give very vague answers and provide no code. Now this question has too many responses so no one will read through. Please resist the urge to comment on this statement. I am looking for a solution for my issue, I am not looking to have a conversation with someone who doesn't read questions.
JSONP should work but I suspect there needs to be a valid session to use the webmethod or can anyone call it without logging in etc?
How you do this depends on your server.
Or you can use a proxy - you call a page on your server that makes the cross domain call and passes the response back to your page.
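The proxy approach described in the reply above, as an added example that is not part of the original thread: a Rack-style endpoint on the page's own server relays the form POST to one fixed upstream URL, so the browser only ever makes a same-origin request. The class name `LoginProxy`, the `fetcher:` parameter and the `api.example.invalid` host are assumptions (the thread elides the real host as xxxx.com).

```ruby
require 'net/http'
require 'uri'

# Same-origin relay as a plain Rack-style app (any object with #call(env)).
# UPSTREAM host is a placeholder; the thread does not give the real one.
class LoginProxy
  UPSTREAM = URI('https://api.example.invalid/apps/100/LogIn').freeze
  MAX_BODY = 8 * 1024 # refuse oversized form posts

  # fetcher is injectable so the class can be exercised without a network.
  def initialize(fetcher: nil)
    @fetcher = fetcher || method(:post_upstream)
  end

  def call(env)
    return reply(405, 'POST only') unless env['REQUEST_METHOD'] == 'POST'
    unless env['CONTENT_TYPE'].to_s.start_with?('application/x-www-form-urlencoded')
      return reply(415, 'form-encoded body required')
    end
    body = env['rack.input'].read(MAX_BODY + 1).to_s
    return reply(413, 'body too large') if body.bytesize > MAX_BODY

    # The destination is fixed in code; nothing sent by the browser selects
    # it, so the endpoint cannot be pointed at other hosts (no open proxy).
    status, content_type, payload = @fetcher.call(UPSTREAM, body)
    [status, { 'content-type' => content_type || 'application/xml' }, [payload]]
  rescue StandardError
    reply(502, 'upstream request failed')
  end

  private

  def reply(status, text)
    [status, { 'content-type' => 'text/plain' }, [text]]
  end

  # Server-to-server POST: CORS is enforced by browsers, not by Net::HTTP.
  def post_upstream(uri, form_body)
    http = Net::HTTP.new(uri.host, uri.port)
    http.use_ssl = true
    http.open_timeout = http.read_timeout = 5
    res = http.post(uri.path, form_body,
                    'Content-Type' => 'application/x-www-form-urlencoded')
    [res.code.to_i, res['Content-Type'], res.body]
  end
end
```

Mount it on a route of the application that serves the page and point the `$.ajax` `url` at that route; keep the forwarded body out of request logs, since it carries the login form fields.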