CODEWITHSUNDEEP
javascriptxmlajaxxmlhttprequest
Thomaschaaf
Thomaschaaf

Reputation: 18196

Can I make an XMLHttpRequest to another domain?

Is there a way to use XMLHttpRequest in combination with other domains?

I would like to parse some xml from Google without having to use a server so it is minimalistically complex to run.

var req = getXmlHttpRequestObject();
...
req.open('GET', 'http://www.google.de/ig/api?weather=Braunschweig', true);
        req.setRequestHeader("Content-Type","text/xml");
        req.onreadystatechange = setMessage;
        req.send(null);

Doing it on the server side is no option at least then I wouldn't have to ask

Upvotes: 24

Views: 26383

Answers (7)

P.Gurung
P.Gurung

Reputation: 27

You cannot do cross domain request,e.g. from example1.com to example2.com through XMLHttpRequest or jQuery(which is a wrapper of XMLHttpRequest) due to security issue in client side(browser). This can be effectively implemented in modern browser supporting HTML5 through CORS(cross origin resource sharing, which cannot be available in every client browser. So, the solution is to insert script tag in example1.com of example2.com, and this solution is known as JSON-P(JSON with padding), the name could be misleading as the data can be in any format served by the server(example2.com). Its implementation code is given in this link http://newtechinfo.net/jsonp-for-cross-domain-ajax/

Upvotes: 2

cycrel
cycrel

Reputation: 97

It is possible to make a XHR to another domain with HTML5.You can also make different protocol request with XHR when communicating with HTTP to another web site.

Upvotes: 0

user847988
user847988

Reputation: 984

HTML5 now supports Cross Origin requests with XmlHttpRequest level 2 take a look at :

http://www.html5rocks.com/en/tutorials/cors/

Upvotes: 8

Vincent Ramdhanie
Vincent Ramdhanie

Reputation: 103135

You can try to do something on the serverside. So on your application you make the request to the remote site getting the result and returning it to your client. The AJAX call is then only calling your own server and works.

Upvotes: -1

Pim Jager
Pim Jager

Reputation: 32119

That's not possible due to the SOP (Same Origin Policy) that browser have these days to restrict XSS attacks.
You will have to use a server side script (PHP or something).

Upvotes: 1

Javier
Javier

Reputation: 62583

It's a security issue, most (all?) browsers won't let you do that. You can use a hidden IFrame to do your fetching, but it's complex enough that i'd just use a server (or switch to a different language, if i don't have to run in a browser)

Upvotes: 2

Brian Gianforcaro
Brian Gianforcaro

Reputation: 27180

Nope, not right now. I believe I read that plans/design's are in the works by standards groups for the future, so we can securely do this.

Cross site scripting vulnerabilities would be rampant other wise.

JSONP is a possible solution if the other sites API supports.

Upvotes: 11

Related Questions