Tags:




alternative to XMLHttpRequest
March 12, 2006 5:47 PM   RSS feed for this thread Subscribe

Is there an alternative to XMLHttpRequest that would work across different domains?

I'm working on an "external voting button" similar the one on Digg, that submits to the server without actually having to leave the page. I want to run it so that external sites can use it to submit back to the mother server. The problem I've run into is the security restriction with XMLHttpRequest, in that it will only submit back to the domain name that the current page is actually hosted by. Is there a way around this?

I found this but I'm not sure exactly what he's doing, or what "dynamic script tags" are.
posted by Dag Maggot to computers & internet (16 comments total)
While my knowledge of javascript and things ajaxy is somewhat limited, I'm pretty sure not.

BUT - this sort of thing is fairly trivial using a server side language like PHP. If your XMLHttpRequest calls a php script that fetches data from somewhere else, that should work.
posted by jaded at 5:50 PM on March 12, 2006


Your link is malformed, it looks like you meant to link to here.

Can you create a hidden IFRAME and load the external URL there?
posted by Rhomboid at 6:07 PM on March 12, 2006


yes, thanks for the link fix. Doesn't an Iframe like that have the same problem? Has to be from the same domain or a pop-up ensures?
posted by Dag Maggot at 6:09 PM on March 12, 2006


Yeah, simplest thing is just to load the URL inside your PHP script on the server.
posted by delmoi at 6:15 PM on March 12, 2006


Well see, the problem I'm having, is that I need to avoid a server side solution, because I want to give users the ability to drop a small javascript into their blog and have it just work, just like Technorati, or a google adword.

That's where the cross domain security lockdown of XMLHttpRequest stumps me.
posted by Dag Maggot at 6:39 PM on March 12, 2006


Could you have the link/button/whatever itself in an IFRAME, which loaded a page on your server to display the button? Such that the XMLHttpRequest was made from within the IFRAME and thus to the same server? I don't know whether this would work.
posted by IshmaelGraves at 6:57 PM on March 12, 2006


I could be wrong but I don't think you'll run into cross-domain problems with an IFRAME. Certainly, if you load a page from an unrelated domain in a frame it should not have access to the cookies, DOM, and so on of the parent, so you can't interact between the two. But it seems to me that the point here is just to "hit" a URL, not to necessarily do anything with the results, and in that sense an IFRAME should work fine. If they didn't allow this then I think a whole lot of advertising would break, since those seem to be on radically different domains.
posted by Rhomboid at 6:57 PM on March 12, 2006


OK, thanks, I will give that a try, I thought that iFrames were restrictive in this way, but I'll have a play.
posted by Dag Maggot at 7:01 PM on March 12, 2006


You can include javascript remotely.
posted by null terminated at 7:01 PM on March 12, 2006


You shouldn't need an IFRAME, just set the src on a hidden IMG tag to your url, with the data as querystring params.
posted by SNACKeR at 7:20 PM on March 12, 2006


Good idea Snacker, but I want this to be a button, and not to send the variables until clicked (not on page load).
posted by Dag Maggot at 7:45 PM on March 12, 2006


what if you host the javascript file on your mothership server, and have them reference that file to be included into their pages. This is much like how including Google Adsense into a website works. I am not 100% sure that this gets around cross domain security issues, but it might be something worthwhile to try.
posted by mmascolino at 8:08 PM on March 12, 2006


Building on Snacker's idea, if you're not concerned with getting a response from the server, could you try a button with an onClick method which replaces its SRC attribute with one that contains the relevant URL parameters?
posted by IshmaelGraves at 8:14 PM on March 12, 2006


Simple solution -- If you only need a success/fail response, load an image from the voting server with JS:
In the onClick method, create a new Image, and load the, where the URL of the image is the php voting script on the other server -- and get this script to return a dummy 1x1 image.

eg:

voteurl="http://voting.server.site/path/to/voting_script.php?vote=voting_args";
/* Disable voting button here, and set it to a 'submitting' image to avoid mutliple clicks */
CmdImage=new Image();
CmdImage.onload=new Function('Some_js_to_modify_voting_button_to_indicate_successful_voting');
CmdImage.onerror=new Function('window.location="'+voteurl+'";');
/* load the image / submit the vote */
CmdImage.src=voteurl+"&returnImage=true";


The onerror action is to handle failures: resubmit the same vote, but this time load the entire page so that any errors can be displayed.

Also make sure that the voting script sets all the appropriate expires/nocache headers so that the returned image does not get cached.
posted by nielm at 2:49 AM on March 13, 2006


Just realised, this is like IshmaelGraves solution :)
posted by nielm at 2:49 AM on March 13, 2006


Also make sure that the voting script sets all the appropriate expires/nocache headers so that the returned image does not get cached.

Or, just add a random argument to the call, like

CmdImage.src=voteurl+"&returnImage=true&rand="+Math.random();
 
posted by nicwolff at 4:52 PM on April 5, 2006


« Older I've been happily (well, to va...   |   My mother is planning on retir... Newer »
This thread is closed to new comments.