Cross domain ajax call

Question

Cross domain ajax call

I tried making a cross-domain ajax call with my own javascript, and it works without any jsonp methods, I am wondering how this is possible. I read that ajax call forwarding cannot be done due to security risk

<html>
<head>

<script type="text/javascript">



function loadXMLDoc()
{
url=document.getElementById('url_data').value;
if (window.XMLHttpRequest)
  {// code for IE7+, Firefox, Chrome, Opera, Safari
  xmlhttp=new XMLHttpRequest();
  }
else
  {// code for IE6, IE5
  xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
  }
xmlhttp.onreadystatechange=function()
  {
  if (xmlhttp.readyState==4 && xmlhttp.status==200)
    {
    document.getElementById("myDiv").innerHTML=xmlhttp.responseText;
    }
  }
xmlhttp.open("GET",url,true);
xmlhttp.send();
}
</script>
</head>
<body>

<h2>AJAX</h2>
<div id="myDiv"></div>

<input type"text" id="url_data" value="http://query.yahooapis.com/v1/public/yql?q=select%20*%20from%20flickr.photos.info%20where%20photo_id%3D'2186714153'&format=json"/>

<button type="button" onclick="loadXMLDoc()">Request data</button>
</body>
</html>

can someone help me

+3

ajax xss cross-domain

user381489 Jul 01 '10 at 20:22

source share

2 answers

tcooc · Answer 1 · 2010-07-01T21:31:59+0000

The site has a response header Access-Control-Allow-Origin: *that allows you to send cross-origin requests from any site ( *).

. , script xhr , JSONP (.. JQuery $.getJSON). .

Prashant Hadole · Answer 2 · 2017-03-02T04:37:03+0000

, , -, asp.net, ajax

          var jsonData = [YOUR JSON PARAMETER];

            $.ajax({
                async: false,
                type: "POST",
                url: [YOUR WEB SERVICE URL],
                contentType: "application/json; charset=utf-8",                  
                data: JSON.stringify({ json: jsonData }),
                dataType: "json",                
                success: OnSuccess,
                failure: function(err) {
                    alert("Error : " + err.d);
                }  
            }); 

            function OnSuccess(data) {
                alert("Success:" + data.d);                       
            }

, Access-Control-Allow-Origin Access-Control-Allow-Headers CustomeHeaders web.config -.

 <add name="Access-Control-Allow-Origin" value="*" />
 <add name="Access-Control-Allow-Headers" value="Content-Type" />

, *

Cross domain ajax call

More articles: