Loading cross-domain endpoint with AJAX

jQuery Ajax Notes

  • Due to browser security restrictions, most Ajax requests are subject to the same origin policy; the request can not successfully retrieve data from a different domain, subdomain, port, or protocol.
  • Script and JSONP requests are not subject to the same origin policy restrictions.

There are some ways to overcome the cross-domain barrier:

  • CORS Proxy Alternatives
  • Ways to circumvent the same-origin policy
  • Breaking The Cross Domain Barrier

There are some plugins that help with cross-domain requests:

  • Cross Domain AJAX Request with YQL and jQuery
  • Cross-domain requests with jQuery.ajax

Heads up!

The best way to overcome this problem, is by creating your own proxy in the back-end, so that your proxy will point to the services in other domains, because in the back-end not exists the same origin policy restriction. But if you can’t do that in back-end, then pay attention to the following tips.

**Warning!**

Using third-party proxies is not a secure practice, because they can keep track of your data, so it can be used with public information, but never with private data.

The code examples shown below use jQuery.get() and jQuery.getJSON(), both are shorthand methods of jQuery.ajax()

CORS Anywhere

2021 Update

Public demo server (cors-anywhere.herokuapp.com) will be very limited by January 2021, 31st

The demo server of CORS Anywhere (cors-anywhere.herokuapp.com) is meant to be a demo of this project. But abuse has become so common that the platform where the demo is hosted (Heroku) has asked me to shut down the server, despite efforts to counter the abuse. Downtime becomes increasingly frequent due to abuse and its popularity.

To counter this, I will make the following changes:

  1. The rate limit will decrease from 200 per hour to 50 per hour.
  2. By January 31st, 2021, cors-anywhere.herokuapp.com will stop serving as an open proxy.
  3. From February 1st. 2021, cors-anywhere.herokuapp.com will only serve requests after the visitor has completed a challenge: The user (developer) must visit a page at cors-anywhere.herokuapp.com to temporarily unlock the demo for their browser. This allows developers to try out the functionality, to help with deciding on self-hosting or looking for alternatives.

CORS Anywhere is a node.js proxy which adds CORS headers to the proxied request.
To use the API, just prefix the URL with the API URL. (Supports https: see github repository)

If you want to automatically enable cross-domain requests when needed, use the following snippet:

$.ajaxPrefilter( function (options) {
  if (options.crossDomain && jQuery.support.cors) {
    var http = (window.location.protocol === 'http:' ? 'http:' : 'https:');
    options.url = http + '//cors-anywhere.herokuapp.com/' + options.url;
    //options.url = "http://cors.corsproxy.io/url=" + options.url;
  }
});

$.get(
    'http://en.wikipedia.org/wiki/Cross-origin_resource_sharing',
    function (response) {
        console.log("> ", response);
        $("#viewer").html(response);
});

Whatever Origin

Whatever Origin is a cross domain jsonp access. This is an open source alternative to anyorigin.com.

To fetch the data from google.com, you can use this snippet:

// It is good specify the charset you expect.
// You can use the charset you want instead of utf-8.
// See details for scriptCharset and contentType options: 
// http://api.jquery.com/jQuery.ajax/#jQuery-ajax-settings
$.ajaxSetup({
    scriptCharset: "utf-8", //or "ISO-8859-1"
    contentType: "application/json; charset=utf-8"
});

$.getJSON('http://whateverorigin.org/get?url=" + 
    encodeURIComponent("http://google.com') + '&callback=?',
    function (data) {
        console.log("> ", data);

        //If the expected response is text/plain
        $("#viewer").html(data.contents);

        //If the expected response is JSON
        //var response = $.parseJSON(data.contents);
});

CORS Proxy

CORS Proxy is a simple node.js proxy to enable CORS request for any website.
It allows javascript code on your site to access resources on other domains that would normally be blocked due to the same-origin policy.

  • CORS-Proxy gr2m
  • CORS-Proxy rmadhuram

How does it work?
CORS Proxy takes advantage of Cross-Origin Resource Sharing, which is a feature that was added along with HTML 5. Servers can specify that they want browsers to allow other websites to request resources they host. CORS Proxy is simply an HTTP Proxy that adds a header to responses saying “anyone can request this”.

This is another way to achieve the goal (see www.corsproxy.com). All you have to do is strip http:// and www. from the URL being proxied, and prepend the URL with www.corsproxy.com/

$.get(
    'http://www.corsproxy.com/' +
    'en.wikipedia.org/wiki/Cross-origin_resource_sharing',
    function (response) {
        console.log("> ", response);
        $("#viewer").html(response);
});

CORS proxy browser

Recently I found this one, it involves various security oriented Cross Origin Remote Sharing utilities. But it is a black-box with Flash as backend.

You can see it in action here: CORS proxy browser
Get the source code on GitHub: koto/cors-proxy-browser

Related Contents:

  1. jQuery AJAX cross domain
  2. How do I send an AJAX request on a different port with jQuery?
  3. Cross domain POST request is not sending cookie Ajax Jquery
  4. cross-origin ‘Authorization’-header with jquery.ajax()
  5. How can I upload files asynchronously with jQuery?
  6. jQuery AJAX submit form
  7. How to manage a redirect request after a jQuery Ajax call
  8. How can I get jQuery to perform a synchronous, rather than asynchronous, Ajax request?
  9. How to send FormData objects with Ajax-requests in jQuery? [duplicate]
  10. How to use FormData for AJAX file upload?
  11. Uploading both data and files in one form using Ajax?
  12. AJAX cross domain call
  13. Variable doesn’t get returned from AJAX function
  14. ReactJS convert HTML string to JSX
  15. Prevent browser caching of AJAX call result
  16. Post data to JsonP
  17. Is Safari on iOS 6 caching $.ajax results?
  18. how to bypass Access-Control-Allow-Origin?
  19. event.returnValue is deprecated. Please use the standard event.preventDefault() instead
  20. Sending credentials with cross-domain posts?
  21. Load More Posts Ajax Button in WordPress
  22. Prevent Page Load on Jquery Form Submit with None Display Button
  23. Using HTML5 file uploads with AJAX and jQuery
  24. URL Encode a string in jQuery for an AJAX request
  25. How to use source: function()… and AJAX in JQuery UI autocomplete
  26. How to get an AJAX get-request to wait for the page to be rendered before returning a response?
  27. Download pdf file using jquery ajax
  28. How to pass parameters in GET requests with jQuery
  29. Getting all selected checkboxes in an array
  30. Pass Javascript variable to PHP via ajax
  31. Adding CSRFToken to Ajax request
  32. jQuery iframe load() event?
  33. Differences between contentType and dataType in jQuery ajax function
  34. jQuery: load txt file and insert into div
  35. How to select an element loaded through the jQuery load() function?
  36. How do I resend a failed ajax request?
  37. How to trigger an onkeyup event that’s delayed until a user pauses their typing?
  38. pdf file upload ajax html
  39. AJAX Promises using Array
  40. Error handling in getJSON calls
  41. Keep input value after refresh page
  42. Prevent page reload and redirect on form submit ajax/jquery
  43. jquery window.open in ajax success being blocked
  44. How do I SET a Cookie (header) with XMLHttpRequest in JavaScript?
  45. How to stop refreshing page after ajax call?
  46. How to replace html element with ajax response?
  47. Bind events on dynamic created elements inserted by AJAX (check box)
  48. How to stop form submit during ajax call
  49. how to use jQuery ajax calls with node.js
  50. Does the jQuery ajax call support PATCH?

Leave a Comment