-1

I have a home server in domainX, it returns HTML page containing js part, which should GET data from domainY.
I can't control domainY return, which means that it it will not return any Allow-Origin headers etc.
I can't use JSON either because domainY does not support it.
postMessage may not work either, because I need to make search query https://domainY/cars=blue&price_max=10000 etc.

I guess GET is the only way (XMLHttpRequest). I would like to avoid cors proxy because I try to keep server IO usage as low as possible.

Is there any tweak I could try without doing everything in the server side?

Philipp M
  • 1,877
  • 7
  • 27
  • 38
Mika Koskimaki
  • 41
  • 6
  • 1
    Read this. http://stackoverflow.com/questions/9310112/why-am-i-seeing-an-origin-is-not-allowed-by-access-control-allow-origin-error/9311585#9311585 – Ataur Rahman Munna Jan 30 '17 at 08:21

1 Answers1

0

NO

The Same Origin Policy is designed to protect information that is private between the owner of the browser and the owner of domainY.

You can't get the browser to fetch arbitrary data (with the benefit of the browser's cookies and the browser's IP address) and then make it available to your JavaScript.

domainY might me my webmail, e-banking, or secure corporate Intranet. You aren't allowed to touch it using my browser.

Quentin
  • 914,110
  • 126
  • 1,211
  • 1,335