0

I have a website on http://www.domain_a.com where I need to make a request to a JSON API hosted on http://domain_b.com. Now when I try the following:

<!DOCTYPE html>
<html>
  <head>
    <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js"></script>
    <script>
      $(document).ready(function() {
      $.getJSON({
        url: "http://domain_b.com/service_api/v1/find.json?name=abcd", 
        dataType: 'json',
        beforeSend: setHeader,
        success: function(data) {console.log (data)}  
      });

      function setHeader (xhr) {
        console.log (xhr);
        xhr.setRequestHeader("Authorization", "sdkfhberg83hr87234bf87r432");
        console.log (xhr);
      }
      });    
    </script>
  </head>
  <body>
  </body>
</html>

I get this error in the firebug console:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://domain_b/service_api/v1/find.json?name=abcd. This can be fixed by moving the resource to the same domain or enabling CORS.

Am I doing something wrong, or is it simply not allowed (would surprise me)?

Niels Kristian
  • 8,661
  • 11
  • 59
  • 117

1 Answers1

0

Cross-origin resource sharing is what you want. Basically, The Same Origin Policy allows only the scripts that are running on the same domain to access eachothers DOM, for security reasons, ofcourse. So unless the API that you're calling does not support - ie. have the following header for response - "Access-Control-Allow-Origin", "*" , this call is not allowed.

Not entirely sure about this - but try making use of PHP proxy

Also, this might be useful to you.

NV Bhargava
  • 373
  • 2
  • 10