0

I've made .js program which makes baners on pages i own (each page is posted on different server). I'm using <script src="sample.com"></script> to run it. The problem is, my script requests main server (on which file with script is hosted) for some variables and than I get message:

Origin http://php.kotarbki.pl is not allowed by Access-Control-Allow-Origin.

I can't turn on Access-Control-Allow-Origin on server I use, but isn't it some way to work-around it, I mean this script is hosted on the server that is requesting!

-------------SERVER1---------------server-first.com---------------

script.js file:

var xmlhttp;
if (window.XMLHttpRequest)    {
   xmlhttp=new XMLHttpRequest();
}else{
   xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
}
xmlhttp.onreadystatechange=function(){
   if (xmlhttp.readyState==4 && xmlhttp.status==200){
      return xmlhttp.responseText.split("#");
   }
}
xmlhttp.open("GET","http://server-first.com/page.php?action=getVariables",true);
xmlhttp.send();

page.php file:

if($_GET['action']=='getVariables'){
    echo $var1 . "#" . $var2;
}

-------------SERVER2---------------second-server.com---------------

<html>
<script src="server-first.com/script.js"></script>
</html>
user2026477
  • 3
  • 3
  • Usually differing domain is not allowed, but there are ways to do it. You might have to look into the setting of HTTP response Headers on your server for [CORS](http://www.w3.org/TR/cors/). If you can't set it, as you've stated above, you're probably out of luck. Some good reference for you http://stackoverflow.com/questions/3076414/ways-to-circumvent-the-same-origin-policy – VKen Mar 13 '13 at 23:40
  • XDR = [External Data Representation](http://en.wikipedia.org/wiki/External_Data_Representation). What does it have to do with AJAX? – Barmar Mar 14 '13 at 00:04

2 Answers2

0

If the domain name is not the same you can not make a request from one site to the other.

Rusty Jeans
  • 1,426
  • 9
  • 10
0

Your next recourse is likely going to be JSONP.

I typically don't use it, but here's the idea:

// dosomething.js -- script that's already on page
var doSomething = function (obj) {
    doStuff(obj);
};


// getdata.js script that's on another server
doSomething({ name : "...", id : 1234 });


var script = document.createElement("script"),
    parent = document.getElementsByTagName("script")[0].parentNode,
    src = "//otherserver.com/getdata.js";

script.src = src;
parent.appendChild(script);

You've now created another script file, set the source (where you can add whatever query data you want) and appended it to whatever element the first script element is a child of (usually head or body). When that script file loads, it's going to call doSomething() with whatever you put inside.

So to take this to its logical conclusion, you could either set your server to treat .js extensions as PHP (or selectively, if the file doesn't actually exist), or you could ask from the JavaScript side, for "//otherserver.com/getdata.php". Then, you'll have access from the php side to do whatever you need to do. Just echo back echo "doSomething(" . ... .");";.

You can accept a "callback" parameter in the query string, so that you can tell the file what the name of the function is that needs to fire on the JS page.

Also, you should make sure that your content-type header is set to javascript, rather than text or html, if you're going to use the .php extension.

Norguard
  • 26,167
  • 5
  • 41
  • 49