Home>

Can you please tell me how to make a cross-domain request to a third-party server on jQuery ??? I tested it on my hosting, and if I make a request from a local server to my hosting, then I will receive an answer only if the hosting explicitly states in the .htaccess file

Header add Access-Control-Allow-Origin "*",

maybe I misunderstand something, but I would like to know how to make a request without writing such a line in .htaccess, and is it possible?

>maybe I misunderstand something, but I would like to know how to make a request without writing such a line in .htaccess, and is it possible? Let me paraphrase a little: without the desire of the server owner -no.

etki2021-10-18 05:51:09

That is, it comes out until the owner of the server prescribes such a line, then how? But after all, if I go to this address in the browser, then I will see the data in json format, maybe I can take it somehow?

webkostya2021-10-18 05:51:09

Make a request to your server, and from your server -to the one you need.

vanchester2021-10-18 05:51:09

A light googling finds everything in the morning.

KoVadim2021-10-18 05:51:09

Some kind of crap, they chewed on all this with some third-party plugin on Habré, but they did not tell the very essence, can anyone explain how to implement this in JS, not necessarily cross-browser, the main thing is that this data could be displayed on the mycitycard.nichost page .ru /api /news? id= 23

webkostya2021-10-18 05:51:09
  • Answer # 1

    You can:

    There is a little PHP trick. And this trick will work not only with Google, but with any sites that you do not have access to and you cannot add Access-Control-Allow-Origin *

    We need to create a PHP file (eg getContentFromUrl.php) on our server and access it.

    PHP

    <
    ? php
    $ ext_url= $ _POST ['ext_url'];
    echo file_get_contents ($ ext_url);
    ? >
    

    JS

    $ .ajax ({
        method: 'POST',
        url: 'getContentFromUrl.php', //link to your PHP file
        data: {
            //url where our server will send a request that we cannot make via AJAX
            'ext_url': 'https://stackoverflow.com/questions/6114436/access-control-allow-origin-error-sending-a-jquery-post-to-google-apis'
        },
        success: function (data) {
            //now we can take any data from the external url, because we have the whole page
            var $ h1= $ (data) .find ('h1'). html ();
            $ ('h1'). text ($ h1);
        },
        error: function () {
            console.log ('Error');
        }
    });
    

    How it works:

    1. Your browser will use JS to send a request to your server
    2. Your server will send a request to any other server and receive a response
    3. Your server will send this response to your JS file

    And we can add an event of type onClick to the button. Hope this helps!

    Here in duplication, in fact, there is a sign of some obsession. It is quite enough in the comments to give a link to this question, and not to copy the answer one-to-one.

    A K2021-10-18 17:51:09

    Your php script looks like a great backdoor and DoS booster. It is necessary at least to limit the list of domains ...

    Pavel Mayorov2021-10-18 17:51:09

    Yes you are right. In terms of safety, this is not the best solution. You can use it, then delete the script from the server and keep it for future tasks. For example, it is very convenient to copy the desired content from third-party resources using this bundle. After that, of course, you can delete the script from the server.

    dfox2021-10-18 17:51:09
  • Answer # 2

    You can:

    There is a little PHP trick. And this trick will work not only with Google, but with any sites that you do not have access to and you cannot add Access-Control-Allow-Origin *

    We need to create a PHP file (eg getContentFromUrl.php) on our server and access it.

    PHP

    <
    ? php
    $ ext_url= $ _POST ['ext_url'];
    echo file_get_contents ($ ext_url);
    ? >
    

    JS

    $ .ajax ({
        method: 'POST',
        url: 'getContentFromUrl.php', //link to your PHP file
        data: {
            //url where our server will send a request that we cannot make via AJAX
            'ext_url': 'https://stackoverflow.com/questions/6114436/access-control-allow-origin-error-sending-a-jquery-post-to-google-apis'
        },
        success: function (data) {
            //now we can take any data from the external url, because we have the whole page
            var $ h1= $ (data) .find ('h1'). html ();
            $ ('h1'). text ($ h1);
        },
        error: function () {
            console.log ('Error');
        }
    });
    

    How it works:

    1. Your browser will use JS to send a request to your server
    2. Your server will send a request to any other server and receive a response
    3. Your server will send this response to your JS file

    And we can add an event of type onClick to the button. Hope this helps!

    Here in duplication, in fact, there is a sign of some obsession. It is quite enough in the comments to give a link to this question, and not to copy the answer one-to-one.

    A K2021-10-18 17:51:09

    Your php script looks like a great backdoor and DoS booster. It is necessary at least to limit the list of domains ...

    Pavel Mayorov2021-10-18 17:51:09

    Yes you are right. In terms of safety, this is not the best solution. You can use it, then delete the script from the server and keep it for future tasks. For example, it is very convenient to copy the desired content from third-party resources using this bundle. After that, of course, you can delete the script from the server.

    dfox2021-10-18 17:51:09
  • Answer # 3

    No, this is not possible with standard JavaScript.

    It's all about the browser's security policy, it requires confirmation on the server side that such a request is allowed. If the server does not send a special header in response to the Ajax request, then the browser itself blocks the response from the server, although you receive it. All that remains is to use workarounds.

    You can read more: http://learn.javascript.ru/xhr-crossdomain

  • Answer # 4

    No, this is not possible with standard JavaScript.

    It's all about the browser's security policy, it requires confirmation on the server side that such a request is allowed. If the server does not send a special header in response to the Ajax request, then the browser itself blocks the response from the server, although you receive it. All that remains is to use workarounds.

    You can read more: http://learn.javascript.ru/xhr-crossdomain