Cross domain file upload with jQuery

Question

My code is working fine for same domain.
But when I try it on cross domain with dataType: 'jsonp' & crossDomain: true
Code sample -

var fa = new FormData();

fa.append("upload_pass", document.getElementById("upload_pass").files['0']);

$.ajax({    
    url: 'http://xxx.xx.xx.xx/upload.php',
    data: fa,
    contentType: false,
    processData: false,
    dataType: 'jsonp',
    crossDomain: true,
    type: 'GET',
    success: function(data) {
        alert(data);
    }
});

Is there any conceptual understanding gap or coding problem.
Please suggest.

Answer 1

No way to upload file via GET. Even if you will use JSONP. JSONP is working just with GET requests. And you can't upload files with GET request (usually files upload with POST requests).

If you wanna send cross domain POST request to some server, then you should be sure in next case:

That server should send you header Access-Control-Allow-Origin : *. Also you will may be need Access-Control-Allow-Methods: POST header.

If it has those headers, then you are lucky and you can POST your data on this server.

P.S. You can try to use other methods to make valid cross domain request. Nice js library easyXDM for cross domain requests, witch uses different ways to do it.

Answer 2

JSONP and CORS are two different things altogether.

JSONP

JSON with Padding is merely a hack taking advantage of the fact that there's no same origin policy restriction when downloading javascript files. As you can download only scripts, we make use of built-in data format JSON instead of XML or HTML. Also you can make only GET requests with JSONP because all it does is create a script with src set to some other domain and append it to your DOM, once it's downloaded, it is executed and that is when our callback is used to call code from original domain passing JSON object.

CORS

Cross-origin resource sharing is a standard from W3C that allows many resources (e.g. fonts, JavaScript, etc.) on a web page to be requested from another domain. You're not limited to using just GET, you can use all the usual HTTP methods like POST, HEAD, PUT , DELETE and others

How can you make a CORS request :

It's as simple as changing the url in your AJAX call to some other domain, that's it no other changes from client side.

If your browser supports CORS, then based on the type of request (simple/complex), a pre-flight OPTIONS request might be fired to get information about what type of methods & content-types are allowed for this domain and this OPTIONS response will be cached.

Going forward, whenever you make an AJAX call to some other domain, Behind the scenes, browser sends an Origin request header. For example, if a page from google makes an AJAX call to facebook, something like this is added to request headers

Origin: http://google.com

When facebook sees this header, it will check if google.com is in their valid list of allowed hosts and agrees for this by sending the following headers in response.

Access-Control-Allow-Origin: http://google.com

Note that the host name in Origin and Allow-Origin headers should match for the browser to accept and act on the response received. You can even restrict the methods & custom headers allowed by setting the following headers in response

Access-Control-Allow-Methods: POST, GET, OPTIONS
Access-Control-Allow-Headers: X-PINGOTHER

Finally to answer your question, change your Ajax definition like below

$.ajax({    
    url: 'http://some-other-domain.com/upload.php',
    data: fa,
    contentType: false,
    processData: false,
    type: 'POST',
    success: function(data) {
        alert(data);
    }
});

As you're just doing a simple POST call with file, its a simple request so Allow-Origin header will suffice. In your PHP, read the Origin header check if it's in your list and set the same header value in Allow-Origin response header. I'm not aware of PHP but it's hopefully something like this :)

<?php
$headers = apache_request_headers();

  foreach ($headers as $header => $value) {
     if($header == "Origin"){
        /* check if $value is in your list
         if yes, set the response header */
         header('Access-Control-Allow-Origin: $value');
         /* adding just this header will allow any method from this 
            domain, in case you need to allow only POST method add
            Access-Control-Allow-Methods header as well */
         break;
      }
  }
  // do the remaining processing of request
?>

More resources on

• History of CORS
• 5 min video on CORS
• Pre-flighted requests for complex CORS requests

Hope this answers your question :)

Answer 3

You can't make any type of request using JSONP other than GET. You can't upload a file using a GET request (unless it is a very small file that you can read with JavaScript and convert to a string that can be treated as regular form data).

You need to switch to using POST with CORS (or a proxy on the same origin) to disable the same origin policy.

Answer 4

For cross domain work you need these things -

1 :- You need permission of server. Like Access-Control-Allow-Origin : *.

2 :- If you are using jquery then you can use jsonp method.

3 :- If you wants to work with plain javascript then you can use this link -

How to make a JSONP request from Javascript without JQuery?

Answer 5

As people have said - GET is not the way to do this. I've seen this kind of thing done with via a hidden iFrame. You can probably find various jQuery plugins to achieve the desired result but there's one I've found called "jQuery iFrame Transport"
https://cmlenz.github.io/jquery-iframe-transport/
Hopefully that will help you.

Answer 6

You cannot upload file using JSONP or using GET request. Are you sure that it was working for the same origin earlier?

You have to send a cross-domain XHR request to upload file. You can use JQuery File upload for this. https://github.com/blueimp/jQuery-File-Upload/wiki/Cross-domain-uploads