0

I am trying to make a JQuery $.post to a Java Servlet. I integrated the Tomcat server into Apache and if the Tomcat server is on the same machine as the Apache the $.post succeded. (The Java Servlet receives it).

If the Tomcat servlet is on a remote machine and if I make $.post(http://ip:8080/App/MyServlet,...) the servlet doesn't receive anything.

If I make a JQuery $.post on my machine I have like this $.post(Myservlet,.....). If I try like this : $.post(http://localhost:8080/App/MyServlet,...) it doesn't work.

How should I make a JQuery $.post to a remote uri?

How should the remote uri for a Tomcat Servlet look like?

Thanks,

alain.janinm
  • 19,951
  • 10
  • 65
  • 112
Dragos
  • 81
  • 2
  • 9
  • 1
    There are cross domain restrictions: http://stackoverflow.com/questions/298745/how-do-i-send-a-cross-domain-post-request-via-javascript – binarious Apr 23 '12 at 11:05

1 Answers1

2

Jquery runs in the browser (client-side), which means it's subject to the browser's same-origin policy, which is a good thing.

This means ajax requests that are GET or POST can only be made to the domain of the page making the ajax request.

There are 2 ways to bypass the policy. The first is to have the remote server vouch for the request, the second is to sneak around the browser's same-origin policy.

So if you have control over the remote server, or if the admin who does takes requests to open the server/domain to foriegn ajax requests, then the server just needs to send the following header:

Access-Control-Allow-Origin: your-local-domain.org

The browser gets back the response header, sees that the requesting page is in the above list, and allows the response through.

If you have no control over the remote server, here are the sneakier ways to get around same-origin policy:

  1. Make an ajax request to a local url with the parameters, and have it pass it along to the servlet, and the have that proxy script return whatever the servlet responds with.

  2. JSONP (which I'm still fuzzy on, honestly, but jquery's ajax documentation goes into it)

  3. Script injection, where you leverage the fact that the script element's src is not limited by the same-origin policy.

Of the 3, I think the first is the safest, least hackish, and most honest (so to speak), but JSONP has become the simple and easy way to pull of a cross-domain request in jquery.

Anthony
  • 36,459
  • 25
  • 97
  • 163
  • 2
    You forgot to mention `Access-Control-Allow-Origin` – binarious Apr 23 '12 at 11:11
  • 1
    Oh damnit! The one that is least hackish and most intentional of them all! Adding with embarrassment. – Anthony Apr 23 '12 at 11:16
  • Added, thanks for the heads up. Feel free to comment if you think my explanation of the header is not in-depth enough. – Anthony Apr 23 '12 at 11:25
  • I have the control of the remote server, so I need to send first that header and then the data? Did I understand well? – Dragos Apr 23 '12 at 11:41
  • @Dragos - Exactly. How you send it is also up to you. You could have the HTTP server always send it back for all requests or requests when the requesting domain (and/or port, query string, page, etc) has a certain value, or, you can just have the servlet script just throw it out before it does anything else. The benefit of doing via the http server is 1) less upkeep of the script, 2) more portability, and 3) it's not a great idea to let other remote requesters know who *is* allowed to make remote requests, as this could lead to spoofing attempts. – Anthony Apr 23 '12 at 11:47
  • I have done this, it worked, but now it doesn't work if the tomcat server is on the same machine. For example if I have the apache server on machine X and the tomcat server on machine Y and if I run my application from the browser from machine X it works, but if I run the application from the browser from the machine Y(where the tomcat is) it doesn't work. I added also Access-Control-Allow-Origin:*. What could be the problem? – Dragos Apr 24 '12 at 15:04