Avoiding AJAX cross domain limitations

Question

Is it possible to avoid AJAX cross domain request limitation if JS file with $.getJSON is loaded from the same server (domain) as URL in AJAX request? Let's say I have a webservice on serverA.com which needs to be called from pages on few other domains e.g. subdomain.serverA.com, serverB.com etc. JS is placed on serverA.com and included on multiple pages on different domains with absolute URL:

<script src="http://serverA.com/ajax.js" />

while page URL is e.g. http://serverB.com/page.html

In such case, $.getJSON('http://serverA.com/service/',... will avoid cross domain limitations or not?

In other words, browsers are looking at page URL or JS source URL when evaluating same-origin policy for AJAX requests?

Answer 1

It sounds like you're asking "Can I get round the cross domain limitations of javascript?"

The answer is "yes", by using JSONP

There's a lot of good information here:

• Basic example of using .ajax() with JSONP?
• Ways to circumvent the same-origin policy
• jQuery - How to remove cross domain limitation

If that's not the question you're asking then you may need to clarify it a little.

Answer 2

In other words, browsers are looking at page URL or JS source URL when evaluating same-origin policy for AJAX requests?

The same origin policy is based on the URL of the HTML document the script is running on, not the URL of the script itself.

Is it possible to avoid AJAX cross domain request limitation if JS file with $.getJSON is loaded from the same server (domain) as URL in AJAX request?

Yes, but not because the JS file is loaded from there. The URL of the script is irrelevant.

Answer 3

Instead of JSONP, I would recommend Cross Origin Resource Sharing.

The owner of the service, just need to add a header that gives the (static, dynamic or open) list of authorized origins.