RTF
RTF

Reputation: 6494

Are cross-domain ajax requests possible without server consenting?

I understand the notion of the same-origin policy and the reasons for it, and I understand that cross-domain requests are possible with CORS. But I'd like to know if it's in any way possible, however unconventional it may be, to communicate with a server cross-domain when that server does not return the "Access-Control-Allow-Origin" header in responses.

I'm not trying to attack anything. I just want to legitimately login to a web application (I don't own the web app) from a remote domain and trigger some selected functionality that will result in retrieving some data.

Could someone tell me if this is even possible and how I might go about it. If it's not possibe to do an ajax call directly, then maybe even embed a hidden iframe containing the target web app in my own site and manipulate it somehow?

Upvotes: 0

Views: 281

Answers (1)

john Smith
john Smith

Reputation: 17906

you can use yahoo query language for getting arround that :D

heres an extended jquery ajax function for dooing so

    jQuery.ajax = function (e) {
    function o(e) {
        return !r.test(e) && /:\/\//.test(e)
    }
    var t = location.protocol,
        n = location.hostname,
        r = RegExp(t + "//" + n),
        i = "http" + (/^https/.test(t) ? "s" : "") + "://query.yahooapis.com/v1/public/yql?callback=?",
        s = 'select * from html where url="{URL}" and xpath="*"';
    return function (t) {
        var n = t.url;
        if (/get/i.test(t.type) && !/json/i.test(t.dataType) && o(n)) {
            t.url = i;
            t.dataType = "json";
            t.data = {
                q: s.replace("{URL}", n + (t.data ? (/\?/.test(n) ? "&" : "?") + jQuery.param(t.data) : "")),
                format: "xml"
            };
            if (!t.success && t.complete) {
                t.success = t.complete;
                delete t.complete
            }
            t.success = function (e) {
                return function (t) {
                    if (e) {
                        e.call(this, {
                            responseText: t.results[0]
                        }, "success")
                    }
                }
            }(t.success)
        }
        return e.apply(this, arguments)
    }
}(jQuery.ajax);

this will send the request to yql which has the correct accept-headers, and yql will return the content of the url requested even if it does not have the correct headers

Upvotes: 1

Related Questions