How to make cross domain request

VB_ picture VB_ · Jul 26, 2013 · Viewed 171k times · Source

As you know, the security of the web browser disallows making of cross domain requests. I read a book which says that you should use XMLHTTPRequest only if you can put the files on the server (means put the page you will load to the same requested domain). If you can't - you should search for an alternative.

My questions are:

  1. What is the cross domain alternative to XMLHTTPRequest?
  2. What about WebSockets? Does this technology allow cross domain request?

EDIT: It still isn't clear to me...

For example, I pull my page from www.domain1.com and I need to request javascript from www.domain2.com. So the pulled page should include something like:

<script src="www.domain2.com/script.js"></script>

to avoid cross domain restrictions.

And I can use JSONP, and request will look like: http://ww.domain1.com/?callback=someFunction.js

But: isn't it the same? I just pull js from another domain! Does it avoid cross domain restrictions?

Answer

leggetter picture leggetter · Jul 26, 2013

You can make cross domain requests using the XMLHttpRequest object. This is done using something called "Cross Origin Resource Sharing". See: http://en.wikipedia.org/wiki/Cross-origin_resource_sharing

Very simply put, when the request is made to the server the server can respond with a Access-Control-Allow-Origin header which will either allow or deny the request. The browser needs to check this header and if it is allowed then it will continue with the request process. If not the browser will cancel the request.

You can find some more information and a working example here: http://www.leggetter.co.uk/2010/03/12/making-cross-domain-javascript-requests-using-xmlhttprequest-or-xdomainrequest.html

JSONP is an alternative solution, but you could argue it's a bit of a hack.