Working around the Same-Origin Policy?

Question

I do have a file on my local installed XAMPP which is called TEST.PHP. When i go to http://127.0.0.1/TEST.PHP and execute it, the script should post the values ID and NAME to the site http://otherdomain.com/post.php and put the output into DATA. This does not work because of the Same-Origin Policy. When i trace the packages i get an Error calles "NS_ERROR_DOM_BAD_URI". My question now is, is there anyway to make it possible anyways without needing to have access to http://otherdomain.com/?

TEST.PHP

   <script>
    $(window).load(function(){
            var url = "http://otherdomain.com/post.php";

            $.post(url,{id : "12", name : "John"}, function(data)
            {
                alert("It worked!");
            });
    });
    </script>

UPDATE

I changed it now to the following set up. I have two files called SEND.PHP and PROXY.PHP. I send a request from SEND.PHP to PROXY.PHP and PROXY.PHP sent the actual request to OTHERDOMAIN.COM. When i execute SEND.PHP now(means i am pressing the button) i always get the result "Error: 403 Forbidden Access".

SEND.PHP

<!DOCTYPE html>
<html>
<head>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script>
<script>
$(document).ready(function(){
    $("button").click(function(){
        $.post("proxy.php", function(data,status){
            alert("Data: " + data + "\nStatus: " + status);
        });
    });
});
</script>
</head>
<body>

<button>Send Data</button>

</body>
</html>

PROXY.PHP

<?php
$ch = curl_init();

curl_setopt($ch, CURLOPT_URL,"http://otherdomain.com/data");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS,"name=Jack&age=23");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

$server_output = curl_exec ($ch);

curl_close ($ch);

if ($server_output == "OK") { echo "It Worked!"; } else { echo "Error: " . $server_output; }

?>

The whole point of having same origin policy is to prevent people from doing something like this. — Digital Chris, Jun 04 '15 at 15:49
Take a look at this: http://stackoverflow.com/questions/3076414/ways-to-circumvent-the-same-origin-policy?rq=1 — Tuan Anh Hoang-Vu, Jun 04 '15 at 15:53
You need to do the 'otherdomain' stuff in php, not javascript. — Lance, Jun 04 '15 at 16:04
Thanks, tuananh, but this is only useful if you have access to the server. — user3877230, Jun 04 '15 at 16:05

score 2 · Answer 1 · answered Jun 04 '15 at 15:54

2

You must use a proxy file in order to avoid same origin policies restrictions. Inside proxy.php you can make the request to otherdomain.com via CURL or other HTTP libraries. Call the proxy file via JavaScript instead of calling otherdomain.com directly.

answered Jun 04 '15 at 15:54

Fulippo

31
3

It shouldnt make any difference if i pass the values from mydomain.com to otherdomain.com or from proxydomain.com to otherdomain.com, right? I cant see why this should work because the origin is still not the same. Thank you! – user3877230 Jun 04 '15 at 16:06
@user3877230 - The same origin policy only exists for the browser but the PHP file is running on your server. And your JavaScript can access the PHP because it comes from the same server (ie: your server). – Neil Smithline Jun 04 '15 at 16:28
Thank you very much for that tip and the explanation, i will try it out! – user3877230 Jun 04 '15 at 16:58

score 0 · Answer 2 · answered Jun 04 '15 at 15:49

0

No, there is no work around to the same origin policy in Javascript. It's a security feature. You could however accomplish something similar using CURL in PHP, provided you have access to the other domain.

answered Jun 04 '15 at 15:49

Kyle

1,757
1
12
22

Working around the Same-Origin Policy?

2 Answers2