0

I am using jQuery.post() method to send request to another server and get response from that server.

$.post('http://www.example.com:9876/example/myServletURL',{param1:param1}).done(function(data)
{
    alert(data);
});

But I am not getting any response from the server. I have checked on server I am getting the request sent by post method.

If change the URL to Servlet which is in same war file(same domain) I am getting the response.

I have searched and found that this might be because of same origin policy.

My question is that how should I allow cross domain request using jQuery.post() method.

EDIT1

Domain is the same one, but the port numbers are different, for two different servers used for deployement.(Apache web server for php and Glassfish for java)

Solution

I have put following code to allow cross domain requests in my servlet.

response.addHeader("Access-Control-Allow-Origin", "*");
Bhushan
  • 6,151
  • 13
  • 58
  • 91
  • http://json-p.org/ or with a couple of lines of PHP – Roko C. Buljan Dec 28 '13 at 07:16
  • Why don't you try setting your request up in something like [POSTMAN](http://getpostman.com)? It can generate a proper CURL command to test with as well. If it's successful, then you know your issue is with your specific code. If it's unsuccessful, it's either a problem with your CURL syntax or the way you've built your request/headers/etc. or, depending on the error, with the server. – brandonscript Dec 28 '13 at 07:19

3 Answers3

2

You can't change the cross domain request policy in the request, as that would defeat the security purpose of the same origin policy. CORS (Cross Origin Resource Sharing) has to be enabled on the server that sends the response. The response header must contain 'Access-Control-Allow-Origin': '*'. * allows any site to access the server and can be substituted with a single site if you don't want to give access to everyone. If you have control over the server to which you are posting, http://enable-cors.org/index.html is a great resource on how to enable CORS for your request/response.

danasilver
  • 556
  • 3
  • 10
  • 1
    You've got too many quotes in your header, and it doesn't have to be `*` - `Access-Control-Allow-Origin: http://allowed.site.com` also works fine. – Collin Grady Dec 28 '13 at 07:57
  • The quoting really depends on what method you're using to set the header. The quotes I used would be just fine on node/express. Good point on the specific site. I edited to reflect that. – danasilver Dec 28 '13 at 10:39
  • But you didn't list the header as "how to set it" but that the response "must contain this" which is wrong - if you had those quotes in the actual response it would be broken; that works in node because I suspect it's a key:value pair from a JS object :) – Collin Grady Dec 28 '13 at 22:01
1

What I did in a past project was Posted the data to an ASPX page on my own server from jQuery which then Posted the data to the true destination server. This page also Responded back the Response from the destination server.

I called the page PostData.aspx and sent the destination url as an escaped querystring parameter which kept it soft enough to use on other projects.

MarkHoward02
  • 154
  • 7
1

You can actually allow Cross Domain Requests on your server but be very careful because this is not very security friendly way.

I did this with PHP where you can allow cross domain by sending some headers in the request. You can do the same in PHP.

May be this link can help you => CrossDomain ajax request using CORS

If not let me know in comments.

Community
  • 1
  • 1
Talha Masood
  • 993
  • 1
  • 7
  • 22
  • 1
    If both domains are controlled by the OP, where's the security issue with allowing communication between them? – Collin Grady Dec 28 '13 at 07:58
  • @CollinGrady Yes, actually domain is the same one, but the port number are different, for two different servers. – Bhushan Dec 28 '13 at 08:36