Reputation: 1141
How can I work around the same-origin policy to develop AJAX client code for a Google AppEngine site?
I'm working with someone who has a Google AppEngine site with a custom API located there.
I need to write some AJAX Javascript to interface with the custom API on the site, but I'm getting stonewalled by the same-origin policy. JSONP will be of no use because you can't get an error callback from a failed 'AJAX' request (it doesn't use XMLHTTPRequest). I am using JQuery to make the requests.
Apparently Google AppEngine has a terrible caveat that you can't individually upload single files for testing, so I can't fix this problem by developing directly on the API's proper domain.
I'm on a MAC and I have heard you can set up some kind of proxy to get around this, I have no idea even where to start with that, and don't want to if I don't absolutely have to. What can I do to allow me to develop some AJAX JS against this API?
Upvotes: 2
Views: 2728
Answers (4)
Reputation: 1141
I solved this problem by nerfing the same-origin policy support in my browser (Chrome) such that it no longer functions or is honored. During development, I can make cross-domain requests and the browser will not act to prevent them. If you run into this problem like I did, launch Chrome like this:
/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --disable-web-security
This is obviously a development-only solution, but thats all I needed. For more extensive solutions the above answers concerning CORS and JSONP + properly designed JSONP APIs are more appropriate.
Upvotes: 1
Reputation: 12993
If you're just looking for a development-time solution (i.e. setting up a proxy) I would recommend Charles Web Proxy (http://www.charlesproxy.com/).
It's what I use for my local development - it can intercept requests to URLs and redirect them to other locations to get around cross-domain issues (for local development and testing - not production of course). It's pretty easy to get setup and working, and there is a free trial available.
Upvotes: 3
Reputation: 44376
The solution to your problem is CORS. Your friend's site has to permit CORS and if you want your code to support IE (it sounds like you don't) you have to use a special plugin like this one.
Upvotes: 1
Reputation: 284786
Generally, JSONP APIs do not fail to respond, for that reason among others. Even if something goes wrong, well-designed ones respond with something like:
response({
error: {...}
});
or similar. Thus, you should always get a response unless there's a network connectivity issue or the server has a serious failure (e.g. App Engine goes down). If the API does not return valid JSON for errors, I would suggest changing that.
Upvotes: 1
Related Questions
- Google App Engine and CORS
- AJAX: overcome same origin policy
- Google Web Toolkit (GWT), getting legacy JavaScript code to make AJAX calls through GWT app (to get around same origin policy)?
- cross domain ajax
- same origin policy with local server
- Ways to circumvent the same-origin policy
- AJAX between a static webpage and google app-engine server sharing same TLD
- Same Origin Policy - AJAX & using Public APIs
- How can i get around the same origin policy?
- Is google AJAX Libraries API bypassing same origin policy?