How to do cross domain ajax in jQuery with dataType 'text'?

Question

In my javacript function I call this ajax. It works fine but only when I access the web page from firebird server. I have the same code on my testing server. The ajax asks to download some files but only firebird server has its ip registers with our clients to be able to scp there. I need to do the same if I access the php files from testing server. All the servers are inside intranet.

is it possbile to use dataType text to do so?
do I need to do any changes on the server side?

ajax call:

url = "https://firebird"+path+"/tools.php?";    

jQuery.ajax({
    type: 'get',
    dataType: 'text',
    url: url,
    data: {database: database_name, what: 'download', files: files, t: Math.random() },
    success: function(data, textStatus){
        document.getElementById("downloading").innerHTML+=data;
    }
});

Update 1

My little web application restores databases so I can do my testing on them. Now I want to enhance it so I can connect to our customers and download a particular backup. Our customer allowed only firebird server to connect to their networks. But I have my own server dedicated to testing. So every time I want to download a database I need to connect firebird. The source of my web application and the folder with all backups are mounted into the same location on both servers firebird and testing. Right now my solution (for downloading) works but only from firebird. I work basically only testing server though.

Update 2

I make two ajax calls. One is pure jQuery call (I guess I can apply any solution to this one) and the other one is ajax call from jsTree. I created new question for that one. I seems to me that I have to go for @zzzz's option b).

The only type of cross domain call you can do (without a server side proxy) is a `jsonp` call. `text` will not work. I'm not sure I understand the SCP part correctly. Can you please elaborate on that? — Mrchief, Aug 26 '11 at 13:55
@Malvolio: Melodrama aside, what is wrong? @William Niu` reiterates my thoughts (take a thorough look at the very first line of his answer). He mentions CORS additionally, which is why his is an answer and mine a comment. — Mrchief, Aug 30 '11 at 17:11
@Mrchief -- what is wrong? You write "The only type of cross domain call you can do (without a server side proxy) is a jsonp call". That is not so. CORS is also a solution (a superior one, in my humble but wholly accurate opinion) and does not require a server-side proxy. The only advantage to JSONP is that it works in Jurassic browsers, so if you need to support the Amish or Colonial Williamsburg or something... — Michael Lorton, Aug 31 '11 at 12:39
@Malvolio: It's not wholly accurate. CORS doesn't work in Opera and IE < 8. It has partial support in IE > 8 and uses a different implementation altogether (`XDomainRequest`). Just because your customers didn't complain, do not think that everything is perfect about CORS. And believe it or not, a significant portion of the world still uses Jurassic browsers. Facts aside, the point is, you'd normally mention these type of things in a full fledged answer and not in comment. — Mrchief, Aug 31 '11 at 18:04
_"..so if you need to support the Amish or Colonial Williamsburg or something"_: I'm sorry but I'd like my site to be usable by everyone (if not everyone then as much as everyone), not just a handful of people. — Mrchief, Aug 31 '11 at 18:12
@Mrchief -- more than 90% of all browsers out there support CORS (transparently, if you use jQuery, which you should anyway). At some point, my willingness to fail to deliver all that is possible to the bold many in order to cater to the timid few begins to wane. — Michael Lorton, Sep 02 '11 at 11:01

score 3 · Answer 1 · edited May 23 '17 at 11:47

To do cross domain requests, your options are fairly limited. As @Mrchief mentioned, you could do server side proxy and jsonp.

Another option is Cross-Origin Resource Sharing (CORS), a W3C working draft. Quoting from this blog post:

The basic idea behind CORS is to use custom HTTP headers to allow both the browser and the server to know enough about each other to determine if the request or response should succeed or fail.

For a simple request, one that uses either GET or POST with no custom headers and whose body is text/plain, the request is sent with an extra header called Origin. The Origin header contains the origin (protocol, domain name, and port) of the requesting page so that the server can easily determine whether or not it should serve a response.

You can find some live examples on this site.

You will need to make changes to the server side, to accept the CORS requests. Since you have control over the server, this shouldn't be a problem. Another downside with CORS is that, it might not be compatible with older browsers. So, if some of your essential audiences use incompatible browsers, the server side proxy may actually be a better option for you.

I've been running a CORS-enabled site for more than a year and I have *never* had a customer complain that his browser couldn't use it. It's as close to perfect as you can get. The only hitch is of course, those morons at Microsoft screwed up their implementation of it so you have to engineer around their mistakes. — Michael Lorton, Aug 29 '11 at 08:57

score 2 · Answer 2 · answered Aug 28 '11 at 06:44

I just want to offer an alternative.

I am not too sure regarding your network setup, but if you have access to the DNS, maybe it would be easiest if you just give your servers some arbitrary subdomain of the same domain. Something like www.foo.com for the webfront and firebird.private.foo.com for the firebird server. This way, it becomes cross subdomain instead of cross domain. Then somewhere in your JavaScript on both pages,

document.domain = "foo.com";

This gentleman achieved this solution here.

score 1 · Accepted Answer · answered Aug 28 '11 at 06:56

You have the following options with you

a) You use jsonp type as your datatype but this involves making changes on the server side to pass the data back as json and not as txt.. this change might be as simple as

{
  "text":<your current text json encoded> 
}

and on your js side you use this as response.text; Having said that if you are getting the textis for you file from sm other domain I am not sure how easy it is for you to change the code.

b) The other option is you write a handler/end point on your server i.e within your domain that will make an HTTP request to this third domain gets the file and you send the file back to your client and effectively now your client talks to your domain only and you have control over everything. as most of yoyr questions are based on ruby here is an example:

req = Net::HTTP.get_response(URI.parse('http://www.domain.com/coupons.txt'))

@play = req.body

you can find more details about the same here.

Hope this helps.

I used your option `b)` the one I thought about before posting this question, hoping that there will be some other solution.... — Radek, Aug 29 '11 at 05:31
Radek, FYI, the option b is aka server side proxy, where you basically relay the requests and responses through an end point you have access to. — William Niu, Aug 29 '11 at 10:01

score 0 · Answer 4 · answered Aug 28 '11 at 07:02

0

Another idea is to use you web server as a proxy. You will need to consider the security implications for this route.

answered Aug 28 '11 at 07:02

Ed Heal

59,252
17
87
127

How to do cross domain ajax in jQuery with dataType 'text'?

Update 1

Update 2

4 Answers4

Linked