0

Recently I came across the following statement: "All Ajax calls to an XML data file must come from the same domain or the request will fail.", can anyone help me understanding this since I can't make much out of it.

Radu Stoenescu
  • 3,187
  • 9
  • 28
  • 45
  • 1
    It means what it says. You can't get an XML via AJAX unless it's on the same domain as you. See this: http://en.wikipedia.org/wiki/Same_origin_policy – gen_Eric Jun 18 '13 at 16:53
  • You can't make cross-domain calls, but you can make same-domain calls to google it. – moonwave99 Jun 18 '13 at 16:54
  • I got it from the wikipedia link, thanks ! – Radu Stoenescu Jun 18 '13 at 16:55
  • It's not entirely true. We've had CORS for quite a few years now. See [Ways to circumvent the same-origin policy](http://stackoverflow.com/questions/3076414/ways-to-circumvent-the-same-origin-policy) – Quentin Jun 18 '13 at 16:56
  • 1
    that must have been written before CORS was widely supported by browsers... – dandavis Jun 18 '13 at 16:57
  • See the below thread that is related to CORS http://stackoverflow.com/questions/11597314/origin-http-localhost-is-not-allowed-by-access-control-allow-origin/11606701#11606701 – sohail.hussain.dyn Jun 18 '13 at 19:39

2 Answers2

0

Let's say your site, including the Javascript that will start the AJAX is hosted at site1.com.

The AJAX will request a file called file.xml whose address is site2.com/file.xml.

This request site1.com ---> site2.com voilates the same origin policy because the 2 are on a different domain.

The way around this?

  • Easiest solution is to host file.xml on site1.com, if you can?
  • You can request a URL on your domain site.com/getMeThatAwesomeFile which executes some server side code to grab the file's contents and returns it to you
  • You can use a reverse proxy so site2.com/file.xml actually resolves to something on your domain.
Matt Harrison
  • 13,381
  • 6
  • 48
  • 66
0

You can use JSONP but there are some limitations (Only 'GET' verbs allowed and data should be placed inside the function from server). The very first thing JSONP is not an ajax call, it downloads the script and calls the jsonp function and in that function the data is passed.

e.g. If you use JSONP, then it would be like

<script type='text/javascript' src='cross-domain-url'>jsonpFunction(data)</script>

From the server, you must get the response like jsonpFunction({'name':'abc'}), so after getting this response, your declared jsonpFunction will be called and you will be able to achieve this {'name':'abc'} object.

gen_Eric
  • 223,194
  • 41
  • 299
  • 337
sohail.hussain.dyn
  • 1,411
  • 1
  • 16
  • 26