A question about cross-domain (subdomain) ajax request

Question

Let's say I have the main page loaded from http://www.example.com/index.html. On that page there is js code that makes an ajax request to http://n1.example.com//echo?message=hello. When the response is received a div on the main page is updated with the response body.

Will that work on all popular browsers?

Edit:

The obvious solution is to put a proxy in front of www.example.com and n1.example.com and set it so that every request going to a subresource of http://www.example.com/n1 gets proxied to http://n1.example.com/.

Probably not. These are two different domain names so cross-domain request thus blocked by browsers. — Julian Aubourg, Mar 16 '09 at 00:58

score 142 · Answer 1 · edited Jan 26 '18 at 18:19

142

Cross domain is entirely a different subject. But cross sub-domain is relatively easy. All you need to do is to set the document.domain to be same in both the parent page and the iframe page.

document.domain = "yourdomain.com"

More info here

Note: this technique will only let you interact with iframes from parents of your domain. It does not alter the Origin sent by XMLHttpRequest.

edited Jan 26 '18 at 18:19

Birchlabs

7,437
5
35
54

answered Mar 06 '10 at 15:09

shazmoh

1,946
1
13
15

11

Too bad another "correct" answer has been chosen that isn't. This is the correct answer to the question. Domains that share a second-level domain (with some small exceptions) can always set their domain to allow broader access amongst other domains that share the subdomain. – Jordan Mar 24 '10 at 17:29
4

Not to worry, it is still voted highest and easy enough to find. stackoverflow is great. – zod Nov 25 '10 at 13:24
13

Maybe I am confused but he did not mention anything about an iframe. Does that affect the answer's validity? In other words, can you use this method when there is no iframe and perhaps we are talking about a subdomain being used as a RESTful api? (Cross browser) – Ryan Ore Dec 03 '13 at 03:44
2

I agree the explanation about the iframe in this context is misleading. But setting up the document.domain to point to the base domain (stripping out the sub-domain) should work for cross-domain AJAX requests, IIRC. – shazmoh Dec 03 '13 at 21:40

score 22 · Answer 2 · answered Nov 30 '12 at 15:29

All modern browsers support CORS and henceforth we should leverage this addition.

It works on simple handshaking technique were the 2 domains communicating trust each other by way of HTTP headers sent/received. This was long awaited as same origin policy was necessary to avoid XSS and other malicious attempts.

To initiate a cross-origin request, a browser sends the request with an Origin HTTP header. The value of this header is the site that served the page. For example, suppose a page on http://www.example-social-network.com attempts to access a user's data in online-personal-calendar.com. If the user's browser implements CORS, the following request header would be sent:

Origin: http://www.example-social-network.com

If online-personal-calendar.com allows the request, it sends an Access-Control-Allow-Origin header in its response. The value of the header indicates what origin sites are allowed. For example, a response to the previous request would contain the following:

Access-Control-Allow-Origin: http://www.example-social-network.com

If the server does not allow the cross-origin request, the browser will deliver an error to example-social-network.com page instead of the online-personal-calendar.com response.

To allow access to all pages, a server can send the following response header:

Access-Control-Allow-Origin: *

However, this might not be appropriate for situations in which security is a concern.

Very well explained here in below wiki page. http://en.wikipedia.org/wiki/Cross-origin_resource_sharing

IE 8 & 9 do not fully support CORS. At least for my sites, this is still a significant slice of traffic. — Brad, Jun 27 '13 at 16:45
I guess it works for IE9, may be I am wrong as I've been using jQuery CORS plugin to add support for IE8+. https://gist.github.com/mathieucarbou/1114981 — Melwyn Furtado, Sep 09 '13 at 12:53

score 19 · Answer 3 · answered Mar 16 '09 at 01:47

Another solution that may or may not work for you is to dynamically insert/remove script tags in your DOM that point to the target domain. This will work if the target returns json and supports a callback.

Function to handle the result:

<script type="text/javascript">
  function foo(result) {
    alert( result );
  }
</script>

Instead of doing an AJAX request you would dynamically insert something like this:

<script type="text/javascript" src="http://n1.example.com/echo?callback=foo"></script>

This technique is known as JSONP. The major JavaScript frameworks have this capability in their AJAX libraries. — yfeldblum, Nov 30 '09 at 12:00

score 2 · Answer 4 · answered Jun 21 '12 at 21:25

The simplest solution I found was to create a php on your subdomain and include your original function file within it using a full path.

Example:

www.domain.com/ajax/this_is_where_the_php_is_called.php

Subdomain:

sub.domain.com

Create: sub.domain.com/I_need_the_function.php

Inside I_need_the_function.php just use an include:

include_once("/server/path/public_html/ajax/this_is_where_the_php_is_called.php");

Now call sub.domain.com/I_need_the_function.php from your javascript.

var sub="";
switch(window.location.hostname)
{
case "www.domain.com":
sub = "/ajax/this_is_where_the_php_is_called.php";
break;
case "domain.com":
sub = "";
break;
default: ///your subdomain (or add more "case" 's)
sub = "/I_need_the_function.php";
}


xmlHttp.open("GET",sub,true);

The example is as simple as I can make it. You may want to use better formatted paths.

I hope this helps some one. Nothing messy here - and you are calling the original file, so any edits will apply to all functions.

score 2 · Answer 5 · answered Nov 30 '09 at 11:55

2

Another workaround, is to direct the ajax request to a php (for example) page on your domain, and in that page make a cURL request to the subdomain.

answered Nov 30 '09 at 11:55

Strae

18,807
29
92
131

score 1 · Answer 6 · answered Nov 26 '11 at 23:07

New idea: if you want cross subdomain (www.domain.com and sub.domain.com) and you are working on apache. things can get a lot easier. if a subdomain actually is a subdirectory in public_html (sub.domain.com = www.domain.com/sub/. so if you have ajax.domain.com/?request=subject...you can do something like this: www.domain.com/ajax/?request=subject

works like a charm for me, and no stupid hacks, proxies or difficult things to do for just a few Ajax requests!

score 0 · Answer 7 · answered Feb 14 '12 at 03:16

0

I wrote a solution for cross sub domain and its been working for my applications. I used iframe and setting document.domain="domain.com" on both sides. You can find my solution at :

https://github.com/emphaticsunshine/Cross-sub-domain-solution

answered Feb 14 '12 at 03:16

emphaticsunshine

3,725
5
32
42

A question about cross-domain (subdomain) ajax request

7 Answers7

Linked