AJAX cross site scripting between own domains

StackOverflow https://stackoverflow.com/questions/808748

  •  03-07-2019
  •  | 
  •  

Question

If there anyway allows AJAX between two own domains without proxy hacking, JSONP, Flash or browser security changes? Maybe SSL or something?

Was it helpful?

Solution

A signed Java applet might be able to do it, but that is the same principle as Flash so probably would not meet your requirements.

There is a specification for cross domain requests, but it is still in the development stages.

OTHER TIPS

As far as I know, your best bet here is to create a server resource that you can direct your AJAX calls to that will forward them on to the second server on a different domain and then tunnel the results back to your application.

You could try a technique known as 'Ajast'.

Basically your javascript on domain A adds additional <script> tags as needed to the page. These script tags point to javascript files on domain B (which need not be static .js) allowing you to load data from domain B.

On the couple of occasions where I've had a similar need to work cross-domain I've sidestepped it by using an embedded borderless iframe of the same color as the embedding page. It's an old technique, predating widespread AJAX use and is often overlooked nowadays because of the 'we'll use AJAX' mindset. you can however do quite a lot with this approach and it might suffice if you are truly stuck. Certainly you can code some quite complex interactions between the embedded and main pages which can give, to some extent, a similar user experience to an AJAX-enabled page.

One obvious thought that does occur though, and one I have never tried - is it possible to embed an iframe for the second domain inside the main page (i.e. the first domain) and communicate from the main page to the second domain via the embedded iframe?

Just use easyXDM, it allows for easy communication between documents of different domains. Take a look at one of the examples, http://consumer.easyxdm.net/current/example/methods.html

Yes there is an easy way if you are using Apache. Change settings in your apache’s httpd-vhosts.conf file ( I am using Apache 2.2 )

<VirtualHost *:80>
ServerAdmin webmaster@dummy-host.com
DocumentRoot “C:/apache-tomcat-6.0.29/webapps/myApplication”
ServerName skill-guru.com
ErrorLog “logs/skg1-error.log”
CustomLog “logs/skg1-access.log” common


Header set Access-Control-Allow-Origin “*”

<Directory “C:/apache-tomcat-6.0.29/webapps/myApplication”>
Options -Indexes FollowSymLinks
AllowOverride AuthConfig FileInfo
Order allow,deny
Allow from all
</Directory>

JkUnmount /*.jsp ajp13

</VirtualHost>

Cross site scripting with Apache

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top