Remote calls via javascript

Question

I run a service where there is a javascript file that is called and self executed on a user's site.

This then calls an external server every 10 or so seconds with a bunch of variables. I used to do this by using a createElement('script') and then setting the path to a file on the external server and passing the required variables across by means of GET variables. (works well for small URI's)

This worked really well and seemed to work cross browser as well with no undesired effects.

The problem I then ran into was when I needed to extend the amount or size of the variables that were being sent across. So obviously I decided to change from GET method to POST, but by doing that I could no longer use the createElement('script') trick and had to opt for the XMLHttpRequest() (ala Ajax - without jQuery) method which worked really well, except for the minor problem of having to also cater for Internet Explorer and Opera which didn't really play ball too well (big shock). So I used the following:

function createCORSRequest(method, url){
    var xhr = new XMLHttpRequest();
    if ("withCredentials" in xhr){
        xhr.open(method, url, true);
    } else if (typeof XDomainRequest != "undefined"){
        xhr = new XDomainRequest();
        xhr.open(method, url);
    } else {
        xhr = null;
    }
    return xhr;
}

var request = createCORSRequest("post", "http://xx.xxxx.com/");
if (request){
    request.onload = function(){
        //do something with request.responseText
    };
    request.send(myPostObjectDataVariableGoeshere);
}

..which I found over at this page

This is basically just a fallback to using the XDomainRequest() method which InternetExplorer wants you to use instead..

Fantastic, BUT -> Looking in the Console of Developer Tools in IE it says:

SEC7118: XMLHttpRequest for http://xx.xxxx.com/ required Cross Origin Resource Sharing (CORS).

SEC7120: Origin null not found in Access-Control-Allow-Origin header. 

SCRIPT7002: XMLHttpRequest: Network Error 0x80070005, Access is denied.

But what's really odd about this is that I've already got the following as the first line in my backend PHP file that is being called (which works for other browsers...)

header('Access-Control-Allow-Origin: *');

Someone please tell me what's wrong here.. Also if there is a better way to be doing this instead of fighting the browser wars..

Note: I cannot use jQuery for this task!

score 0 · Answer 1 · edited May 23 '17 at 11:50

0

IE unfortunately block Cross Origin requests, i believe there is no simple way to get around it by script only, but you can try tuning the options or via my proxy script.

Tuning the options

Internet Explorer ignores Access-Control-Allow headers and by default prohibits cross-origin access for Internet Zone. To enable CORS go to Tools->Internet Options->Security tab, click on “Custom Level” button. Find the Miscellaneous -> Access data sources across domains setting and select “Enable” option.

Proxy Script on local server as a Bridge

Previous post: Remote POST request with jQuery and Ajax

This is for you to place a PHP script on a local server and do a local AJAX request and proxy to the remote server for good.

edited May 23 '17 at 11:50

Community

1
1

answered Sep 15 '13 at 00:24

Michael Mitch

789
6
14

Tuning is not an option as I can't ask all client's clients to do that... and I cant use jQuery for this task.. – AO_ Sep 15 '13 at 00:29
Try that PHP script instead, i have posted the link, just use plain javascript for an AJAX is okay. – Michael Mitch Sep 15 '13 at 00:30
I don't have access to any other servers except the final destination one. The proxy method would require a PHP file on each domain right? – AO_ Sep 15 '13 at 00:33
No, only on source domain only. destination domain do not need. This is fairly simple, as it is a server request from local server. No browser problems anymore. You could provide PHP APIs for other server to use if you cannot control the source domain. – Michael Mitch Sep 15 '13 at 00:35
I think you misunderstood. There is one proxy.php which is on the *source domain*. And then javascript on the *source domain* call the script on the *source domain*, there is no CORS actually. And then the proxy.php do a **server-side request** to the *destination domain*. – Michael Mitch Sep 15 '13 at 00:51
let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/37403/discussion-between-smftre-and-michael-mitch) – AO_ Sep 15 '13 at 00:57

score 0 · Answer 2 · answered Sep 15 '13 at 00:25

0

You should try jQuery for this task. Its much easier and don't have that problem with IE.

http://api.jquery.com/jQuery.ajax/

answered Sep 15 '13 at 00:25

gzfrancisco

812
10
14

Unfortunately I cannot use jQuery for this task. – AO_ Sep 15 '13 at 00:28
Oh, 2 questions. Which version of IE is? and do you try cross domain policy? your script is in the same domain? http://hub.tutsplus.com/tutorials/quick-tip-a-guide-to-cross-domain-policy-files--active-3832 – gzfrancisco Sep 15 '13 at 00:33
Any version of IE actually, as it needs to be cross-browser. Could be anyone online and needs to work the same. I have tried cross domain policy with a PHP header. – AO_ Sep 15 '13 at 00:35

Remote calls via javascript

2 Answers2

Tuning the options

Proxy Script on local server as a Bridge