16

I have an http:// site that needs to access a 3rd party JSON API that is exposed on an https:// site. I've read through "Ways to circumvent the same-origin policy", but it seems the methods described there aren't appropriate for me:

  1. The document.domain method - only works on subdomains.
  2. The Cross-Origin Resource Sharing method - requires server cooperation.
  3. The window.postMessage method - seems to require opening a popup window?
  4. The Reverse Proxy method - A possible solution, but seems a bit too hard to set up.
  5. http://anyorigin.com - seems to not support SSL.

Is this it? Must I implement solution 4, which seems rather complicated, or am I missing something?

ripper234
  • Can't you CURL the result from the other site with a regular PHP page on your own domain and then grab the JSON from that PHP page? – Peter Ajtai Oct 06 '11 at 21:41
  • Wouldn't [JSONP](http://en.wikipedia.org/wiki/JSONP) work here? – jwueller Oct 06 '11 at 21:42
  • I'm pretty sure anyorigin.com supports SSL. Try fetching `https://test.kems.net/`, for example - it works just fine. – David Titarenco Oct 07 '11 at 01:36
  • I am not a JSON expert, but I think you should give some more information about the "3rd party JSON API that is exposed on an https:// site.". How flexible is it? – curiousguy Oct 07 '11 at 05:06
  • @curiousguy - this is the API. Not very flexible. https://mtgox.com/api/0/data/ticker.php – ripper234 Oct 07 '11 at 06:35
  • @David - my bad, thanks! I posted this as an answer. – ripper234 Oct 07 '11 at 06:41
  • @DavidTitarenco - Hmm, it worked fine for a few weeks, but now it started to return null for _some_ https sites. Try feeding `https://bitcointalk.org/` to anyorigin for example. – ripper234 Oct 22 '11 at 22:09
  • **I wrote an answer for this question here: [Loading cross domain html page with jQuery AJAX](http://stackoverflow.com/questions/15005500/loading-cross-domain-html-page-with-jquery-ajax/17299796#17299796)** – jherax Jun 26 '14 at 13:58
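
The reverse-proxy route (option 4 in the question, and the server-side fetch suggested in the first comment) as an added example, not code from any poster in this thread: a small Node.js 18+ endpoint on your own origin that fetches one fixed HTTPS upstream. The route `/api/ticker`, port 8080 and the function names are assumptions; the upstream URL is the one given in the comments.

```javascript
// Added example (not from the original thread). Needs Node.js 18+ for global fetch.
// Assumed names: the local route '/api/ticker' and port 8080 are illustrative.
const ROUTES = new Map([
  // Upstream URL taken from the question's comments.
  ['/api/ticker', 'https://mtgox.com/api/0/data/ticker.php'],
]);

// Return the fixed upstream for a request URL, or null. The target is looked up
// by exact path and never built from client input, so the endpoint cannot be
// used as an open proxy the way a generic "fetch any URL" relay can.
function resolveUpstream(requestUrl) {
  try {
    const { pathname } = new URL(requestUrl, 'http://localhost');
    return ROUTES.get(pathname) ?? null;
  } catch {
    return null; // unparseable request target
  }
}

async function handle(req, res, fetchImpl = fetch) {
  const upstream = req.method === 'GET' ? resolveUpstream(req.url) : null;
  if (upstream === null) {
    res.writeHead(404).end();
    return;
  }
  try {
    // fetch validates the upstream TLS certificate by default; redirects are
    // refused so the upstream cannot steer the proxy to another host.
    const upstreamRes = await fetchImpl(upstream, {
      redirect: 'error',
      signal: AbortSignal.timeout(5000),
    });
    const body = await upstreamRes.text();
    JSON.parse(body); // throws on non-JSON, which is reported as 502 below
    res.writeHead(upstreamRes.status, { 'Content-Type': 'application/json' });
    res.end(body);
  } catch {
    res.writeHead(502).end();
  }
}

// Start the server only when asked to: node proxy.js --listen
if (process.argv.includes('--listen')) {
  import('node:http').then((http) =>
    http.createServer(handle).listen(8080, '127.0.0.1'));
}
```

On an http:// site the browser-to-proxy hop is still plain HTTP, so the response loses TLS protection on that leg; unlike a public relay, though, the data only passes through a server you control.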

3 Answers

12

Sorry, it seems that anyorigin.com does support https.

The reason I naively thought it doesn't is that the API in question returns JSON, and I thought I would actually just get a plain text response (as in my tests with using anyorigin.com on google.com). When it returned just an object, I figured something was broken.

It appears the object simply returns the parsed JSON, so I'm good to go!

Update - anyorigin.com stopped working with some https sites a few weeks after I posted this, so I went ahead and wrote whateverorigin.org, an open source alternative to anyorigin.

ripper234
  • @RobW - please open an issue on github. I will investigate this on Friday (can't promise anything sooner) - https://github.com/ripper234/Whatever-Origin – ripper234 May 22 '12 at 07:00
  • Those methods won't work if the remote server returns different content based on who requests something. For example, YouTube returns a webpage for a video from which you can extract a playback URL, say for MP4, that will only work (say, to fetch as an .mp4 file) if used from the caller, not from a client of the caller (when the caller is a proxy). – George Birbilis Aug 18 '13 at 23:28
  • **I wrote an answer for this question here: [Loading cross domain html page with jQuery AJAX](http://stackoverflow.com/questions/15005500/loading-cross-domain-html-page-with-jquery-ajax/17299796#17299796)** – _the last one, supports https_ – jherax Jun 26 '14 at 14:02
3

You can use Ajax-cross-origin, a jQuery plugin. With this plugin you can use jQuery.ajax() cross-domain.

It is very simple to use:

    $.ajax({
        crossOrigin: true,
        url: url,
        success: function(data) {
            console.log(data);
        }
    });

You can read more here: http://www.ajax-cross-origin.com/

Ninioe
0

JSONP should be on your list, and higher up. Pretty much the standard. It requires server cooperation, but most any API should know what they're doing and support it.

Here is a real basic writeup of how it works.

Mike Ruhlin