0

i try to get text from a Http Get Request:

This is a small web service to correct texts.

http://193.196.7.26/cgi-bin/ColorError-line.pl?arg_childText=Ich%20gehe%20in%20die%20schule.&arg_errors=MOR_GrS;MOR_KS&arg_corrText=Ich%20gehe%20in%20die%20Schule.

When i call the service with a browser (f.e. Chrome) i see the corrected text.

Now i try this in Javascript:

var http2 = new XMLHttpRequest();
var url1 = "http://193.196.7.26/cgi-bin/ColorError-line.pl?arg_childText=Ich%20gehe%20in%20die%20schule.&arg_errors=MOR_GrS;MOR_KS&arg_corrText=Ich%20gehe%20in%20die%20Schule."
http2.open("GET", url, false);
http2.setRequestHeader("Content-type", "text/plain");
http2.send(null);
var temp = http2.responseText;

But responseText is empty. Any idea?

Simon Hilner
  • 85
  • 2
  • 11
  • Did you mean `http2.open("GET", url1, false);`? – PurkkaKoodari Feb 28 '14 at 13:00
  • 1
    Is that your domain? There is no Access-Control-Allow-Origin so cross-origin requests will fail. – Alex K. Feb 28 '14 at 13:01
  • @Pietu: Ohh i'm a idiot .. but now i get a error message: XMLHttpRequest cannot load http://193.196.7.26/cgi-bin/ColorError-line.pl?arg_childText=Ich%20gehe%20in%20die%20schule.&arg_errors=MOR_GrS;MOR_KS&arg_corrText=Ich%20gehe%20in%20die%20Schule.. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost' is therefore not allowed access. – Simon Hilner Feb 28 '14 at 13:02
  • You need to call a server side script on your domain that downloads from that url and returns the result. – Alex K. Feb 28 '14 at 13:04
  • @Alex: No this isn't my domain. Can only the host of the webservice fix this problem? – Simon Hilner Feb 28 '14 at 13:08
  • 1
    Yes, or make a script to do it; http://stackoverflow.com/questions/5549068/json-how-do-i-make-cross-domain-json-call – Alex K. Feb 28 '14 at 13:15

1 Answers1

0

You must set the Access-Control-Allow-Origin header.

In .htaccess:

<Files "ColorError-line.pl">
    Header set Access-Control-Allow-Origin *
</Files>

or print this header:

Access-Control-Allow-Origin: *

This will allow cross-domain access from any domain, not just yours. To only allow your domain only, you should set it to

Access-Control-Allow-Origin: http://yourdomain.com

without the slash in the end, but then you must remember to change it if your domain changes. This also applies to the .htaccess version.

Update: Also, you could create a proxy script to do it, as suggested here. However, I recommend that you filter the URL sent to the proxy, or someone could create lots of excess traffic to your site by downloading big files with it.

Community
  • 1
  • 1
PurkkaKoodari
  • 6,703
  • 6
  • 37
  • 58
  • You should point out for anyone unfamiliar with CORS that this will allow cross-dom access from anyone – Alex K. Feb 28 '14 at 13:09
  • But why can i call the service with any Browser but not so easy with Javascript? That makes no sense to me. – Simon Hilner Feb 28 '14 at 13:19
  • @SimonHilner Because the pages (here your own page) are given less permissions than the user; the pages may not load any page they want (here the service) but the user (of course :D) can. – PurkkaKoodari Feb 28 '14 at 13:21
  • Maybe someone of you knows a better way to get what i want. I have no chance to call the owner of the server in the next time. – Simon Hilner Feb 28 '14 at 13:21
  • @SimonHilner There is another method in the answer. – PurkkaKoodari Feb 28 '14 at 13:22