1

So, I'm trying to make cross-site AJAX request from my own script to the localhost. In the userscript (running on Firefox's Scriptish engine) I'm loading my script like this

myscript_include.setAttribute('src', 'http://localhost/myscript.js?' + Math.random());
head.appendChild(myscript_include);

It works indeed. Then, in myscript.js, I try to read data from localhost (finally, I would like to make get-post requests to scripts on my localhost to add any needed functionality to the web-page without writing actual Firefox extension).

Following instructions on making cross-site AJAX requests I add to myscript.js:

$.getJSON('http://localhost/ajaxdata.json', function(json) { 
    alert(json.message); 
});

Firefox JS console shows that GET request was actually made, and status is 200 OK. It even shows Content-Length 39, which is true indeed, but Response field remains empty and alert isn't shown!

What's wrong with that construction (except of it's horrible itself)? Is there some way to do what I want?

Brock Adams
  • 90,639
  • 22
  • 233
  • 295
user1094249
  • 89
  • 8
  • Just skip all that injection cruft and use `GM_xmlhttpRequest()`. – Brock Adams Jan 29 '12 at 23:51
  • Idea of that injection cruft wasn't to use ajax - I could write this in the userscript the same way. It's just quite comfortable to run scripts for personal use in that namespace - many GM engine problems were avoided this way. So I would prefer solve this problem without using GM-API if possible. – user1094249 Jan 30 '12 at 00:04

1 Answers1

2

Not sure, but maybe adding Access-Control-Allow-Origin headers to localhost will solve this?

ref: https://developer.mozilla.org/En/HTTP_access_control

Howard
  • 3,855
  • 1
  • 15
  • 12
  • Seems it's not. Without something like this response status is 200 at least, but when adding something about `Header add Access-Control-Allow-Origin "http://somedomain"` in .htaccess it returns status 500 and Apache error message in Response field. – user1094249 Jan 29 '12 at 23:26
  • @user1094249 do you have mod_header installed? What's the apache error message, just internal server error? The fact you're getting a 200 normally but no content strongly indicates that it's a cross site security policy that's denying you access to the request. For example, on stackoverflow, open firebug and issue `$.get('http://www.google.com');` inthe console, you'll see the same behaviour. – Howard Jan 30 '12 at 09:05
  • Thank you, it wasn't properly installed indeed. – user1094249 Jan 30 '12 at 19:50