1

The javascript inside my page needs to download the small text file (just a small JSON Array) that resides in the following location:

http://dadosabertos.rio.rj.gov.br/apiTransporte/apresentacao/rest/index.cfm/obterPosicoesDaLinha/410

The MIME type of the document is application/json. I tried with a XMLHttpRequest but I got an error:

XMLHttpRequest cannot load http://dados[...]/410. No 'Access-Control-Allow-Origin' header
is present on the requested resource. Origin 'null' is therefore not allowed access.

I googled this, and the solutions pointed to CORS and to change things on the server side, something I cannot do.

Is there any way to retrieve this content with javascript (and only javascript)?

Thanks! L.

EDIT

Following @naresh advice, I am trying with JSONP. I added these lines to my page, but nothing happens (not even a console error):

var source = "http://dados[...]/409";
script = document.createElement('script');
script.type = 'text/javascript';
script.src = source + '?callback=downloadLinha';
document.body.appendChild(script);

My function downloadLinha(data) is just alert(data).

EDIT 2

I contacted the server administrator, and, to my surprise, they fixed the problem in a couple of hours! I didn't expect they would even answer. So my actual problem is solved, but I could not find an answer without the administrator intervention.

Anyway, thanks A LOT to all that tried to help!

Luis A. Florit
  • 2,169
  • 1
  • 33
  • 58
  • **"No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access."** – Robert Harvey Apr 07 '14 at 02:29
  • You can also use JSONP. See http://stackoverflow.com/questions/2067472/what-is-jsonp-all-about – naresh Apr 07 '14 at 02:32
  • http://en.wikipedia.org/wiki/Same-origin_policy – SLaks Apr 07 '14 at 02:34
  • @naresh: It seems you're my only hope... :o) I read the link you sent me, and trying to implement it in my page, without luck. Nothing happens? Please, see my EDIT. – Luis A. Florit Apr 07 '14 at 03:08
  • 2
    JSONP has to be supported by the server/service. And it seems that service doesn't. (what you are forgetting in the code snippet above is adding the `script` element to the document. But as I said, that wouldn't solve your overall problem). – Felix Kling Apr 07 '14 at 03:11
  • @LuisA.Florit As mentioned by Felix, JSONP has to be supported by server. Can you check with the service provider about that? – naresh Apr 07 '14 at 03:14
  • @FelixKling The second line of the snippet adds the script, no? – Luis A. Florit Apr 07 '14 at 03:15
  • @naresh: It's a city council web page. I can ask, but they probably won't answer anything. – Luis A. Florit Apr 07 '14 at 03:16
  • No, it *creates* the element, it doesn't add it to the document. You are missing `documen.body.appendChild(script);`, or something like this. But as I said, it won't help because the service doesn't seem to support JSONP, at least not via the "standard" query parameter `callback`. – Felix Kling Apr 07 '14 at 03:17
  • @FelixKling @naresh Oops! You're right, sorry, I fixed the snippet. And it seems there's some hope. I got an error in the javascript console: `Uncaught SyntaxError: Unexpected token : 409:1` So it thinks 409 is a script? Anyway, when I click on the `409:1`, it shows me the content I want to download! So it seems it's there somehow... – Luis A. Florit Apr 07 '14 at 03:28
  • Yep, the content is interpreted as JavaScript script because you are using `script` tag to load it. There is nothing you can do to get the raw content though. That's why I'm saying (repeatedly) that it won't solve your problem. – Felix Kling Apr 07 '14 at 03:31
  • @FelixKling: I see... This is public data to be used freely by developers, so there "should" be an easy way to get the data? In the site, they say: "It is also available a REST flux, that can be accessed via http, and provides a set of data as a JSON Array". :o( – Luis A. Florit Apr 07 '14 at 03:45
  • 1
    @LuisA.Florit If you cannot use CORS & JSONP, you can a write a small server-side program, which fetches data from that city council web page. You can then easily access your sever-side resource from your javascript. (whenever u invoke your server-side resource, it just fetches content from that external webpage and returns the same) – naresh Apr 07 '14 at 03:59
  • @naresh: In fact, I could use wget or curl or something to retrieve the content (that works fine). I think this is more or less what you're suggesting, no? Anyway, the `XMLHttpRequest` usual technique works perfectly inside a `webview` of an `Android` app. Any idea why? – Luis A. Florit Apr 07 '14 at 05:01
  • possible duplicate of [Ways to circumvent the same-origin policy](http://stackoverflow.com/questions/3076414/ways-to-circumvent-the-same-origin-policy) – Quentin Apr 07 '14 at 12:36

2 Answers2

0

Similar to what @RobertHarvey said, the lack of a header doesn't let you access it... Via Chrome, that is. You might still be able to access it using this handy tool called anyorigin.

Check it out: http://anyorigin.com/

mjkaufer
  • 4,047
  • 5
  • 27
  • 55
0

Nope, no can do! If I could, I would hava javascript silently load the contents of www.yourbank.com via AJAX and read whatever it can. Don't you think this is a dangerous feature with the prevalence of auto-login on the web?

You can use a proxy server, which will work as long as the target file does not depend on user-specific cookies, headers, etc.

000
  • 26,951
  • 10
  • 71
  • 101
  • I tried your proxy suggestion through a `.htaccess` file, but I get internal server errors. How to implement this? – Luis A. Florit Apr 07 '14 at 15:36
  • Apache can't so it on its own. What server-side language do you prefer? Here's a proxy server in node: http://www.catonmat.net/http-proxy-in-nodejs/ – 000 Apr 07 '14 at 16:31