Cross-subdomain request

Question

I need to make a cross subdomain request. There is a classic asp site which create an XMLHttpRequest to my PL/SQL Oracle webpage.

The asp site has the domain: test/site.asp and the PL/SQL webpage has the domain test:7779/site... so the top level domain is the same

This is my XmlHttpRequest:

var xmlHttp = null;
xmlHttp = new XMLHttpRequest();
xmlHttp.onload = function() {
    if (xmlHttp.readyState === 4) {
        if (xmlHttp.status === 200) {
            createChart(divID, xmlHttp.responseText, counter);
        } else {
            console.error("error");
        }
    } 
};

xmlHttp.open( "GET", theUrl);
xmlHttp.setRequestHeader( "pragma", "no-cache" );
xmlHttp.send( null );

No error occurs in IE11, but in Chrome:

XMLHttpRequest cannot load http://test:7779/site
No 'Access-Control-Allow-Origin' header is present on the requested resource. 
Origin 'http://test' is therefore not allowed access.
The response had HTTP status code 501.

Is there a solution to make a cross subdomain request? Maybe with an iframe in my asp site, to get the content?

UPDATE:

I know tried to set the document.domain at both sides to the same: test. But this also didn't solved the problem.

The top level domain is not the same as they are running on different ports in effect at the top level you have `http://test:80` and `http://test:7779` these are not equivalent. — user692942, May 27 '15 at 15:05
a technique (also used to hijack pages) is to inject a `` tag which loads the data as a javascript script. But then you will have to modify the response to behave as a javascript code/function (similar to pjax). Note these techniques were used also to hijack JSON responses in websites — Nikos M., May 27 '15 at 15:05
1. Stop setting the custom request header. That forces a preflight request. OR 2. Have the server send back an appropriate `Access-Control-Allow-Origin` header in the response — Dark Falcon, May 27 '15 at 15:06
@Lankymart running on different ports mean they run on completely different domains (by view of the request)? — ZerOne, May 27 '15 at 15:13
@DarkFalcon 1. didn't changed anything and 2. have no control to change settings in the server — ZerOne, May 27 '15 at 15:13
yes check [JSONP](http://en.wikipedia.org/wiki/JSONP) (**not pjax** sorry) — Nikos M., May 27 '15 at 15:15
@ZerOne See [Are different ports on the same server considered cross-domain? (Ajax-wise)](http://stackoverflow.com/q/1077218/692942) — user692942, May 27 '15 at 15:16
@ZerOne: I know you didn't change anything, but different browsers have different rules. So to comply with them, stop setting the custom header. Then Chrome won't preflight the request. — Dark Falcon, May 27 '15 at 15:22
@DarkFalcon sorry I meant: I removed the custom header but this didn't solved the problem — ZerOne, May 27 '15 at 15:24
@ZerOne if possible you should give jquery a shot, you avoid alot of this complex code.. I personaly would not do this in pure js — meda, May 27 '15 at 15:43
@meda so how can i achieve this with jquery? my prefer now would be to use a iframe and then somehow get the content of the iframe — ZerOne, May 27 '15 at 15:46
@ZerOne take a look at this https://api.jquery.com/jquery.get/ its very easy — meda, May 27 '15 at 15:48
@meda I looked into the API but it seems that this jquery requests are also blocked by the Access-Control-Allow-Origin — ZerOne, May 28 '15 at 08:29

score 0 · Answer 1 · answered May 29 '15 at 06:41

0

My suggestion is, why dont you use MSXML2.ServerXMLHTTP object, as you have Classic ASP in hand? So that XMLHttp request will be sent from server to server and not from browser.

You can use it like this,

Dim xmlhttp
  Set xmlhttp = Server.CreateObject("MSXML2.ServerXMLHTTP")
  xmlhttp.setTimeouts 30,500,1000,1000
  xmlhttp.Open "GET", "http://yourlink" & time, false
  On Error Resume Next
  xmlhttp.Send
  If Err.Number Then
    getBBstatus = "Could Not Retrieve Data"
    Err.Clear
  Else
    getBBstatus = xmlhttp.ResponseText
   ' Do something with the response here
  End If
  On Error Goto 0
  Set xmlhttp = nothing

Hope it helps, thanks.

answered May 29 '15 at 06:41

BabyDuck

1,249
1
9
22

I tried to use this method now, but this page, I want to request, checks for cookies settings(logged in or not). And this seems to fail, because it forwards me to the login page. Any ideas how to prevent this? – ZerOne May 29 '15 at 07:30
That means, you want to request your sub-domain just for checking whether user has logged-in? – BabyDuck Jun 01 '15 at 04:47
No, I want to get some data. But this data is only available if the user is logged in. The login seems to fail at this request and fyi: the requested page checks if the user is logged in via a specified cookie – ZerOne Jun 01 '15 at 07:14
In that case, either you need to have separate page which will not check authentication and respond with data Or you can submit login credentials every time while requesting data and that page will check credentials and authenticate the request. In both cases targeted page must be changed. – BabyDuck Jun 01 '15 at 07:25

Cross-subdomain request

1 Answers1