0

Possible Duplicate:
Ways to circumvent the same-origin policy

Currently i'm trying to to call site.com/ajax/countPM from jack.site.com but the status of the request is canceled.

Community
  • 1
  • 1
Marian Petrov
  • 625
  • 2
  • 9
  • 21

3 Answers3

1

Unfortunately despite you making a call on site.com to jack.site.com due to browser policies this falls into the gray shadows of 'Same Domain Policy', the browsers essentially treat both domains as different domains, and due to that restriction stop the requests. Actually Im not sure this is just a browser thing, may be even at a higher level. But bottom line is, its a security risk to allow javascript to be able to communicate across domains even sub domains as some hosting concepts are sub domains where each sub domain is independent of the other.

Its a security risk because its really easy to inject stuff into an unsuspecting site pretending to be the site.

Anyway one of the easier work arounds is through the use of some form of server-side scripting. In my case PHP, you would use cURL, or Soap to get the contents of the remote domains contents in this case I guess a JSON or XML object, and then push it up to your script from there.

chris
  • 36,115
  • 52
  • 143
  • 252
1

(from jQuery's Additional Notes section on AJAX calls) Due to browser security restrictions, most "Ajax" requests are subject to the same origin policy; the request can not successfully retrieve data from a different domain, subdomain, or protocol.

Now that said, you do have 2 options available to you to circumvent the cross-domain AJAX policy:

  • If you are working with JSON data, you might consider trying JSONP - this has been specifically created to handle cross-domain data passing with AJAX-like calls.
  • Create a server-side script to act as intermediary or pass-through on the domain where the AJAX lives (jack.site.com) that can make the calls on behalf of your AJAX script server-side.

Please let me know if you need more clarification.

Stephan Robberts
  • 320
  • 1
  • 6
0

This might work for you (add to the jack.site.com):

document.domain = "site.com";

Not sure exactly on this, but it works for some things.

meiamsome
  • 2,876
  • 1
  • 17
  • 19