0

Possible Duplicate:
Ways to circumvent the same-origin policy

I am making a personal web page that extracts the lottery powerball numbers and displays them. I have had success for all but this one link:

var xmlHttp = null;
xmlHttp = new XMLHttpRequest();
xmlHttp.open( "get", "http://www.powerball.com/powerball/pb_numbers.asp", false );
xmlHttp.send(null);

document.body.innerHTML = xmlHttp.responseText;

I checked the xmlHTTP.status and it is 0. However, using Live HTTP headers app I see that the request is sent and I do get a successful HTTP/1.0 200 OK where the page was received on my end. But, there is nothing received in the xmlHTTP object. No responseText, just status 0 for get not initialized.

EDIT: I do not see a Access-Control-Allow-Origin: directive in the return header. Why is this if I am being restricted because I am from a different domain?

halfer
  • 19,824
  • 17
  • 99
  • 186
dman
  • 10,406
  • 18
  • 102
  • 201

4 Answers4

0

You can't use XHR to read data from different origins. Since the request is made as the user of the browser, it is done with everything that might authenticate the user so might retrieve confidential information (which you could then use XHR to copy to your own server).

See this stackoverflow question for work arounds.

Community
  • 1
  • 1
Quentin
  • 914,110
  • 126
  • 1,211
  • 1,335
0

I'm not sure how it works nor it's capabilties but you seem to have an answer above on why it doesn't work. I recommend you to use ajax instead, it's simple and works just great.

Here's an example where I use it:

var site =  $.ajax({
    url:        "http://google.com",
    type:       "GET",
    dataType:   "html",
    async:      false
}).responseText;
document.body.innerHTML = site;

Good luck,

Olindholm
  • 340
  • 4
  • 16
  • This won't work because of the [SOP](http://en.wikipedia.org/wiki/Same_origin_policy) - see: http://api.jquery.com/jQuery.ajax/#notes-0 – rsp Sep 30 '12 at 12:03
0

Your problem here is the same origin policy. You won't be able to get any data from that website using AJAX unless that website provides a JSONP API (and even then it's not technically AJAX).

You can achieve what you are doing to some extent with an iframe but you will have to include the entire page and not just the relevant part of it.

If what you need to do is Web scraping then you will have some server-side proxy to do it.

Some tools that might help you:

rsp
  • 107,747
  • 29
  • 201
  • 177
  • I don't a "Access-Control-Allow-Origin:" in the return header. Why would it not be there if I am being restricted? – dman Sep 30 '12 at 12:10
0

Alternative to cross domain ajax is:

  1. write proxy which will request the remote server using CURL
  2. call that proxy file from ajax call
Madan
  • 691
  • 5
  • 20