Iacovos Constantinou » Web Development http://www.iacons.net Tue, 14 Oct 2008 17:59:07 +0000 http://wordpress.org/?v=2.9.1 en hourly 1 AJAX Cross Domain Proxy http://www.iacons.net/writing/2007/08/02/ajax-cross-domain-proxy/ http://www.iacons.net/writing/2007/08/02/ajax-cross-domain-proxy/#comments Thu, 02 Aug 2007 23:25:53 +0000 Iacovos http://www.iacons.net/writing/2007/08/02/ajax-cross-domain-proxy/ It is well known that cross domain AJAX requests (XMLHTTPRequest) are not permitted due to security reasons. Numerous workarounds exist such as cross domain JSON and Flash but some of them are not suitable for every single case. For instance, cross domain JSON assumes that remote server is able not only to serve JSON but [...]]]>

It is well known that cross domain AJAX requests (XMLHTTPRequest) are not permitted due to security reasons. Numerous workarounds exist such as cross domain JSON and Flash but some of them are not suitable for every single case. For instance, cross domain JSON assumes that remote server is able not only to serve JSON but to include a call to the specified function (the callback function) as well. On the other hand, Flash method assumes that… well, that Flash is enabled!

An interesting approach is presented by Cameron Adams in his great article Go forth and API. Cameron suggests to take advantage of mod_rewrite or mod_proxy module in Apache in order to redirect our calls in external domains; a simple but ingenious solution! However, the most common solution is the application proxy which is accompanied by some advantages outlined perfectly well by Jonathan Snook:

[...] you have more control over the entire lifecycle. You can parse the data from the remote server, do with it what you will before sending it back to the client. If anything fails along the way, you can handle it in your own way. And lastly, you can log all remote calls. With that you can track success, failure and popularity.

Cross Domain Ajax: a Quick Summary

Lately, I have developed an application proxy in PHP which I decided to publish. You can have a look at the demo and of course download it.

How it works? All you have to do is to place the corresponding file in your web server. Whenever you want to make a cross domain request, just make a request to http://www.yourdomain.com/ajax-proxy.php and specify the cross domain URL in parameter csurl. Obviously, you can add more parameters according to your needs; note that the rest of the parameters will be used for the cross domain request. For example, if you are using jQuery:

  1. $('#target').load(
  2. 'http://www.yourdomain.com/ajax-proxy.php', {
  3. csurl: 'http://www.cross-domain.com/',
  4. param1: value1, param2: value2
  5. }
  6. );

It’s worth mentioning that both POST and GET methods work, while headers were taken into consideration. That is to say, headers sent from browser to proxy are used for the cross domain request and vice versa. Finally, for security reasons you will need to define all the valid requests into the ajax-proxy.php file:

  1. $valid_requests = array(
  2. 'http://www.domainA.com/',
  3. 'http://www.domainB.com/path-to-services/service-a'
  4. );

Please note that the script is released under a CC-GNU GPL.

]]> http://www.iacons.net/writing/2007/08/02/ajax-cross-domain-proxy/feed/ 29