How to bypass Cross origin policy

Question

Mobile app where it needs to get access to a JSON file in another server. And its showing cross origin policy blocked. So is there any way to bypass or have the access to the file ?

CORS is there for a reason. So unless you have access to the target server to change the CORS policy, you will not be able to circumvent it. — Jonathan, May 02 '15 at 02:31
Try searching for [cross origin JSON](http://stackoverflow.com/search?q=cross+origin+JSON) — Danny Beckett, May 02 '15 at 02:58
yes i have the access to the other server but we cannot use any php code in the main app — Piash Hassan, May 02 '15 at 03:40
Then simply apply the cross domain header.. but this would require php still or to use a htaccess file to apply the header — Angry 84, May 02 '15 at 03:47
I've edited my answer and included a link for using a htaccess file, this should help in your case.. Have a read of the page first. — Angry 84, May 02 '15 at 03:54

score 9 · Accepted Answer · edited May 23 '17 at 12:33

9

As already answered, you want a simple php proxy script.

This way your server grabs the json file and you simply access your server from client side. . That way javascript is only dealing with the same domain.

<?php
  header('Content-Type: application/json');
  echo file_get_contents('http://example.com/data.json');
?>

Proxy.php

<?php
  header('Content-Type: application/json');
  echo file_get_contents('http://example.com/'.$_REQUEST['file']);
?>

Another way also would be to send all of the request headers as a query string, this could be post/get as well

if (isset($_REQUEST['query'])) {
    $sQuery = http_build_query($_REQUEST);
    header('Content-Type: application/json');
    echo file_get_contents('https://www.example.com?'.$sQuery);
    exit;
}

?>

Using the second example you can try something like http://localhost/proxy.php?file=somefile.json

HTACCESS METHOD

Refer the following page about using a htaccess file on the server htaccess Access-Control-Allow-Origin

<FilesMatch ".(json|js|jsn)">
    Header set Access-Control-Allow-Origin "*"
</FilesMatch>

edited May 23 '17 at 12:33

Community

1
1

answered May 02 '15 at 03:21

Angry 84

2,935
1
25
24

As its for mobile app which will be for windows phone and firfox os and which only supports html,css and JS we cannot use any php in the main file which will be containing in the app. So any related solution to this ? – Piash Hassan May 02 '15 at 03:39
True.. my mistake, corrected. – Angry 84 May 02 '15 at 03:42
Your server where you host the app should have php, if your app uses only local files then you will need to host a php file to do this trick with a server or change the cross domain header on the server hosting the json file – Angry 84 May 02 '15 at 03:45
You too! You got taken by the PHP tag. Why would someone tag a question with PHP if a PHP solution is not an option?? BTW, I really like your solution. Very simple proxy. If nothing else I'm sure you have helped others. This OP?, not so sure that is possible. – Misunderstood May 02 '15 at 03:54
This is the simplest it can ever be for a PHP proxy, but agreed as it will help others. Though in this case he can use a HTACCESS file on the other server and allow cross domain for the set file(s) – Angry 84 May 02 '15 at 03:57

score 1 · Answer 2 · edited May 12 '15 at 17:05

1

You categorized this under PHP. You would do well to get the JSON with PHP then use PHP to create the data required by the JS.

Without more information regarding your app, I am very limited here.

This is a very typical PHP example geting json data into JavaScript:

$json = json_decode(file_get_contents('http://example.com/data.jsn'),true);
$JS = 'var data = ';
foreach ($json as $key => $value){
  $JS .= "[$key,$value],"
}
$JS = substr($JS,0,-1) . ';';  // remove trailing comma, add semicolon



echo <<<EOT
<script type="text/javascript">//<![CDATA[
$JS
//]]>
</script>
EOT;

edited May 12 '15 at 17:05

Martijn Pieters

1,048,767
296
4,058
3,343

answered May 02 '15 at 02:48

Misunderstood

5,534
1
18
25

there is a happy medium in which PHP proxies the existing request for JSON and just passes it through. No need to blend PHP and JS, nor to change anything other than a URL in the existing code. – JAAulde May 02 '15 at 03:14
@JAAulde Is "just passes it through" not what I did? The only other way I can see PHP being the proxy to JS would be to use AJAX, and that is too slow and requires an additional HTTP request by the Browser. I have found over the years that blending PHP and JS to have tremendous benefits. Simple, efficient, and quick, I like all three. Whether oit can be used here, I do not know, not enough info. – Misunderstood May 02 '15 at 03:24
I infer that the OP is already using AJAX (though I could be wrong), and it may be something which continuously reloads data during the lifecycle of the app. Server side proxy is standard implementation in situations like this if CORS cannot be implemented. I will also note that the manual creation of JS data as you are doing in building out the `$JS` string should be avoided and use of JSON serialization should replace it. The former is error prone and much harder to read. In this case the data is already JSON, so it's extra work too. – JAAulde May 02 '15 at 03:25
I would have to agree with you, the OP is very likely using AJAX. If the case were that multiple AJAX calls were being made or the AJAX call being made is altered by user interaction, then my solution falls apart quickly. I still like to spread the word about blending PHP and JS. When it's needed it's great. I have never seen any code that does it like I do. I use this technique a lot. Not necessarily for JSON but getting db data into JS. – Misunderstood May 02 '15 at 03:32
As its for mobile app which will be for windows phone and firfox os and which only supports html,css and JS we cannot use any php in the main file which will be containing in the app. So any related solution to this ? – Piash Hassan May 02 '15 at 03:37
Well! Thanks for the down vote for my efforts! Then you may want to remove the PHP tag from your Question. I did preface my answer with a comment about the PHP tag being questionable, and that my answer my not apply because your question left too many unanswered questions. While sometimes I can read minds, it requires the person to have one. – Misunderstood May 02 '15 at 03:43
You had an upvote from me as your approach was right before we found out they can not use PHP – Angry 84 May 02 '15 at 03:58
You got my upvote. Your solution is perfect for the cases where mine is not. – Misunderstood May 02 '15 at 03:59
Rather than edit in a banner, either delete your answer or just leave your post up for others to vote on. The OP is not the only person you may be helping here. – Martijn Pieters May 12 '15 at 17:05

score 1 · Answer 3 · edited May 23 '17 at 12:08

1

Use header function. check out this link how to bypass Access-Control-Allow-Origin?

    header('Access-Control-Allow-Origin: *');

edited May 23 '17 at 12:08

Community

1
1

answered May 02 '15 at 03:02

shadab

347
1
10

this answer needs some background info and further explaining. – JAAulde May 02 '15 at 03:14
This would only work if you have access to the other server.. – Angry 84 May 02 '15 at 03:17
I don't see any reason why their is a negative vote, nor do I see any reason for explaining a simple function. The question was how to bypass the problem and I gave the solution. If you are capable of building a Mobile app, write a Json and PHP code, I am sure you are capable of finding a simple header function without much effort. – shadab May 02 '15 at 03:31
@Sam it's not you. It's them. You try to help, and sometimes your efforts are not understood, they are misunderstood. The OP down voted me also. As you see this question should not have had a PHP tag. So it is your fault the OP is not very savvy. And not trying to be racist. – Misunderstood May 02 '15 at 03:48
2

Actually people downvote something like this because its only worthy of a comment.. Its not a complete answer.. And further more if they require a non PHP method then it does not help their further.. Expand your answer beyond one line / a comment amount of text. – Angry 84 May 02 '15 at 03:54
I do not encourage spoon-feeding neither should anyone in stackflow community. It only indicates lazyness on behalf of the OP, something we surely discourage. – shadab May 02 '15 at 04:01
1

Sam... simply learn what is a answer worthy content vs a comment worthy content.... thats all i am going to say on this,. – Angry 84 May 02 '15 at 04:16
@Mayhem: click on the link to my answer. 111 vote for one line answer to a similar question. its not about line, Mayhem. This question does not require 100 line of answer. – shadab May 02 '15 at 04:27
1

First off... You edited it..Your first response was just the single php line... Second the link still on refers to a source page that that still only covers PHP... Which has been established as not usable in this case. Once again, you need to put more effort into your answer.. Either way show some actual effort or explain things.. Dont just post raw answers. – Angry 84 May 02 '15 at 04:51
I edited because someone wanted me to spoon-feed. I understood the question, my answer was relevant, OP up voted me and I am pretty sure you still haven't understood the question. This is a php question. The server side is PHP and the questioner has access to PHP server as he clearly stated. but does not want to use PHP in main app which is client side. It is generally a hybrid mobile app scenario where using the Access-Control-Allow-Origin header opens a door for cross-origin access by specific requesting origins. Hope I made it clear. – shadab May 02 '15 at 05:11

How to bypass Cross origin policy

3 Answers3

Linked