HomeWriting → AJAX Cross Domain Proxy

AJAX Cross Domain Proxy


Warning: file_get_contents() [function.file-get-contents]: open_basedir restriction in effect. File(/var/www/vhosts/iacons.net/subdomains/lab/httpdocs/ajax-proxy/jquery.txt) is not within the allowed path(s): (/var/www/vhosts/iacons.net/httpdocs:/tmp) in /var/www/vhosts/iacons.net/httpdocs/wp-content/plugins/code-viewer.php on line 37

Warning: file_get_contents(/var/www/vhosts/iacons.net/subdomains/lab/httpdocs/ajax-proxy/jquery.txt) [function.file-get-contents]: failed to open stream: Operation not permitted in /var/www/vhosts/iacons.net/httpdocs/wp-content/plugins/code-viewer.php on line 37

Warning: file_get_contents() [function.file-get-contents]: open_basedir restriction in effect. File(/var/www/vhosts/iacons.net/subdomains/lab/httpdocs/ajax-proxy/validrequests.txt) is not within the allowed path(s): (/var/www/vhosts/iacons.net/httpdocs:/tmp) in /var/www/vhosts/iacons.net/httpdocs/wp-content/plugins/code-viewer.php on line 37

Warning: file_get_contents(/var/www/vhosts/iacons.net/subdomains/lab/httpdocs/ajax-proxy/validrequests.txt) [function.file-get-contents]: failed to open stream: Operation not permitted in /var/www/vhosts/iacons.net/httpdocs/wp-content/plugins/code-viewer.php on line 37

It is well known that cross domain AJAX requests (XMLHTTPRequest) are not permitted due to security reasons. Numerous workarounds exist such as cross domain JSON and Flash but some of them are not suitable for every single case. For instance, cross domain JSON assumes that remote server is able not only to serve JSON but to include a call to the specified function (the callback function) as well. On the other hand, Flash method assumes that… well, that Flash is enabled!

An interesting approach is presented by Cameron Adams in his great article Go forth and API. Cameron suggests to take advantage of mod_rewrite or mod_proxy module in Apache in order to redirect our calls in external domains; a simple but ingenious solution! However, the most common solution is the application proxy which is accompanied by some advantages outlined perfectly well by Jonathan Snook:

[…] you have more control over the entire lifecycle. You can parse the data from the remote server, do with it what you will before sending it back to the client. If anything fails along the way, you can handle it in your own way. And lastly, you can log all remote calls. With that you can track success, failure and popularity.

Cross Domain Ajax: a Quick Summary

Lately, I have developed an application proxy in PHP which I decided to publish. You can have a look at the demo and of course download it.

How it works? All you have to do is to place the corresponding file in your web server. Whenever you want to make a cross domain request, just make a request to http://www.yourdomain.com/ajax-proxy.php and specify the cross domain URL in parameter csurl. Obviously, you can add more parameters according to your needs; note that the rest of the parameters will be used for the cross domain request. For example, if you are using jQuery:

[The requested file could not be found]

It’s worth mentioning that both POST and GET methods work, while headers were taken into consideration. That is to say, headers sent from browser to proxy are used for the cross domain request and vice versa. Finally, for security reasons you will need to define all the valid requests into the ajax-proxy.php file:

[The requested file could not be found]

Please note that the script is released under a CC-GNU GPL.

Popularity: 23%

Comments (13)

Leave your comment ↓

  1. Howard Katz:

    I’ve been looking for something like this. I updated uploaded you $valid_requests array with the websites referenced in your demo site and uploaded the php code to my website, along with your html that references the php file.

    Unfortunately I couldn’t get it working. I know jquery is working, because once I click on one of the links, the #response div reports a “‘Loading! Please wait…” message that shortly disappears, to be replaced by … nothing!

    I’m new to php so I’m not sure what I could return (if anything) from ajax-proxy.php to help to debug the problem. Any suggestions? Since I’m a nubie, being as concrete as possible would be helpful!

    Thanks,
    Howard

  2. Iacovos: Author comment

    It seems that the ajax-proxy exits without making any request at all. What I forget to mention above is that you have to specify the exact URLs in $valid_requests array; not just the domains. For instance, if you are making requests to http://example.com/service, then neither http://www.example.com/service or http://example.com would work.

    Hope this solves your problem! If the problem persists you can always access directly the ajax-proxy via your browser i.e. http://www.yourdomain.com/ajax-proxy.php?csurl=http://www.iacons.net/feed/ and check the actual output.

    Thank you for stopping by and leaving your feedback!

  3. Richard:

    why would i get this error when i load the proxy via web browser? I am sure I properly initiated the csurl param

    Bad Request (Invalid Header Name)

  4. Richard:

    I removed this line if code and now it works.
    //curl_setopt($ch, CURLOPT_HTTPHEADER, $request_headers);

    I will tell you I looked at the headers and it seems there were no header names and a bunch of 0’s for values.

  5. Iacovos: Author comment

    Thank you Richard for your feedback. The line of code that you have erased copies the headers sent by your browser into the request send by the ajax-proxy to your cross-domain application. Is it possible to let me know both your browser (name, version, os) and your cross-domain application in order to debug it?

  6. sanjay:

    i am not getting any response nor any error after adding the domains to the array list on php file.. Could you please help!!

  7. kevin:

    it’s a pity, though really useful, there is no demo proxy developed in asp , for which i am dying . still thanks a lot.

  8. fedmich:

    great…

    useful but the curl on my site isn’t enabled… so Im using other means of retrieving websites like fopen()

    for asp code, I had something like this before, just dont remember on which website did I used this for

    Cheers and Happy New Year

  9. Iacovos: Author comment

    fedmich, did you modify the ajax-proxy.php to work with fopen etc? If yes, it would be nice if you could provide me your changes, integrate them into the current script and finally release an updated version that works with both approaches!

    Happy New Year!

  10. Al:

    I get… Fatal error: Call to undefined function curl_init() in C:\root\www\crosssdomainajax\ajax-proxy.php on line 67

  11. Iacovos: Author comment

    Al, you need to enable curl module in PHP.

  12. ONi:

    Iacovos: Sir, you are a genious!! this is exactly what I was looking for and works like charm. I made a little modification though, to the issue in the comment #2, I added $_GET['csurl'] to the list of $valid_requests, so on, any URL that you try to get will be a valid request, hope this works for everyone!.

  13. Iacovos: Author comment

    ONi, thanks a lot. Regarding your little modification, that was not necessary. You could simply set the value of CSAJAX_FILTERS to false (line #13). However, you (not just you, but everyone) must understand the security issue behind the filtering option. By disabling the filtering option, the ajax-proxy script can serve as an open, proxy script and anyone could use it to request any page. I am not going further and analyze how someone could take advantage of it; if anyone has more questions, feel free to contact me.

Leave your comment

Personal details

(required)

(will not be published, required)

Your comment

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>