3

I need to do a POST request to a remote domain through Ajax. I know there is the restriction of the Same-Origin Policy, but I've read that it could be possible to make a bridge in PHP on my server to forward the request.

The fact is that I have no idea how to write this bridge and I can't find info on Google.
I guess I need to use cURL.

Can someone explain to me how to write one?

PurpleFoxy

3 Answers

4

If you need a proxy or "bridge", you can try the approach below: you can make a simple AJAX call to that PHP script and redirect that POST to another server you desire.

How it works:

  1. Create Proxy.php and paste the content.
  2. Make the page that originally sends the request send an AJAX request to proxy.php instead of to the target server.
  3. The request will be redirected to the target server.
  4. You can optionally set option CURLOPT_RETURNTRANSFER if you want the result.

Please remember to put some server authentication methods in first, as I have written none in the example, or that page would be a nice spam machine.

EDIT: What I meant is using your server to submit fault requests to the target server. Anyway, it is not so bad to add some simple authentication for your users :)

some/where/in/your/server/proxy.php

<?php
/* You might want some authentication here */
/* check authentication */
/* Authentication ended. */
$url = 'http://target.com/api'; //Edit your target here
$fields = array(); //parameters to forward; initialised so the later loop works on empty requests
foreach($_GET as $getname => $getvar) {
    $fields[$getname] = urlencode($getvar); //for proxying get request to POST.
}

foreach($_POST as $postname => $postvar) {
    $fields[$postname ] = urlencode($postvar); //for proxying POST requests.
}
//url-ify the data for the POST
$fields_string = '';
foreach($fields as $key=>$value) { $fields_string .= $key.'='.$value.'&'; }
$fields_string = rtrim($fields_string, '&'); //rtrim returns the trimmed string, so assign it back

//open connection
$ch = curl_init();

//set the url, number of POST vars, POST data
curl_setopt($ch,CURLOPT_URL, $url);
curl_setopt($ch,CURLOPT_POST, true); //boolean switch: send the request as a POST
curl_setopt($ch,CURLOPT_POSTFIELDS, $fields_string);

//execute post
$result = curl_exec($ch);

//close connection
curl_close($ch);

I assume you already know how to send a POST AJAX request. If somehow you do not, just try reading http://www.openjs.com/scripts/jx/jx.php

Michael Mitch
  • Thanks, what do you mean by spam machine? If it can only perform a specific POST request, how could it be used as a spam machine? – PurpleFoxy Sep 14 '13 at 10:21
  • I mean if you don't authenticate your user, malicious requests can make use of your proxy.php to reproduce tons of traffic to target.com – Michael Mitch Sep 14 '13 at 10:23
  • But I need to allow every visitor to click the button which calls the POST request, so how can I prevent this problem? – PurpleFoxy Sep 14 '13 at 10:54
  • That is just in case :) You can skip the authentication if it is for everyone. If you just don't want to be abused, add some CAPTCHA server-side or limit usage by _SESSION, but that still cannot prevent people from abusing it by clearing the cookies. Usually remote APIs have measures to prevent this so you don't have to worry about it; the only bad thing is that they get your site on their blacklist. :( – Michael Mitch Sep 14 '13 at 10:58
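A hardened variant of the proxy.php idea discussed in the answer and comments above, as an added example that is not part of the original posts. The target URL, the field names in `ALLOWED_FIELDS` and the rate-limit numbers are assumptions chosen for illustration; the target is fixed in code rather than taken from the request, and only expected POST fields are forwarded.

```php
<?php
// Added example: hardened proxy.php. TARGET_URL, ALLOWED_FIELDS and the limits
// below are assumed placeholder values, not values from the original answer.
const TARGET_URL     = 'https://target.example/api'; // fixed; never read from the request
const ALLOWED_FIELDS = ['name', 'message'];          // hypothetical form fields
const MAX_PER_WINDOW = 5;                            // requests per session per window
const WINDOW_SECONDS = 60;

// Keep only the expected fields, and only when they are plain strings
// (drops unknown keys and array-valued parameters such as name[]=x).
function filter_fields(array $input, array $allowed): array {
    $out = [];
    foreach ($allowed as $name) {
        if (isset($input[$name]) && is_string($input[$name])) {
            $out[$name] = $input[$name];
        }
    }
    return $out;
}

// Sliding-window limiter stored in the session array (passed by reference).
function allow_request(array &$session, int $now, int $max, int $window): bool {
    $recent = array_filter($session['proxy_hits'] ?? [], fn($t) => $t > $now - $window);
    $hits = array_values($recent);
    $ok = count($hits) < $max;
    if ($ok) { $hits[] = $now; }
    $session['proxy_hits'] = $hits;
    return $ok;
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST') { http_response_code(405); exit; }
session_start();
if (!allow_request($_SESSION, time(), MAX_PER_WINDOW, WINDOW_SECONDS)) {
    http_response_code(429); exit;
}

$ch = curl_init(TARGET_URL);
curl_setopt_array($ch, [
    CURLOPT_POST           => true,
    CURLOPT_POSTFIELDS     => http_build_query(filter_fields($_POST, ALLOWED_FIELDS)),
    CURLOPT_RETURNTRANSFER => true,             // capture the body instead of echoing it
    CURLOPT_FOLLOWLOCATION => false,            // do not follow redirects to other hosts
    CURLOPT_PROTOCOLS      => CURLPROTO_HTTPS,  // refuse file://, gopher:// and similar
    CURLOPT_TIMEOUT        => 10,
]);
$result = curl_exec($ch);
curl_close($ch);
if ($result === false) { http_response_code(502); exit; }
echo $result;
```

As the last comment notes, a session-based limit is reset by clearing cookies, so it reduces casual abuse rather than replacing a CAPTCHA or a server-side limit keyed on something the client does not control.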
0

Depending on your PHP config, and the complexity of the request, you may well get away with just using the file_get_contents function. For example:

<?php
if (!isset($_GET["id"])) {
    die("No ID passed");
}
$theID = (int)$_GET["id"];

echo file_get_contents("http://example.com/getSomeData?id={$theID}");

If you place this in a PHP file on your domain, you can use AJAX to request this file without being restricted by the same domain policies, and it will return the contents of whatever remote page you specify in the function call.

Note that this use of the file_get_contents function requires that the allow_url_fopen directive is turned on. Otherwise you will have to use libraries like Curl to do the request from PHP.

Atli
0

If you control the server you're POSTing to, you can set the policy in such a way that POSTing is allowed. See this answer.

If you don't control the server you will have to set up a proxy, which you can write in PHP. All it really does is relay the information between your JavaScript and the destination server.

  1. Create an endpoint on your site, something like /proxy
  2. Make your request as usual, but instead of pointing to the original URL, you point it to /proxy/<original_url>.
  3. In the file that handles the /proxy endpoint, you simply extract the HTTP method, URL headers, parameters, body, etc., and make exactly the same request to the destination server. You can use cURL or a package like Guzzle to do this. There are also packages which provide this proxy functionality for you, but I'm not familiar with their quality.
joelcox