All geek questions in one place

Cross-domain request without CORS or JSONP

I know this question was asked earlier, but none of the answers worked for me! I am doing a school project and I would like to get the HTML (to parse it for my project) returned by the dynamic schedule files on my school server.

The page where I want to place the HTML code: https://telaris.wlu.ca/ssb_prod/bwckschd.p_disp_dyn_sched

I think CORS is not enabled for school server files, and I don't know if it supports JSONP ...

How to configure cross-domain request to get HTML code from this page?

I have tried:

$.ajax({ type:'POST', url: 'https://telaris.wlu.ca/ssb_prod/bwckschd.p_disp_dyn_sched', headers: { 'Access-Control-Allow-Origin': '*' }, contentType: 'text/html', crossDomain:true }).done(function( data ) { });

and I get the error:

XMLHttpRequest cannot load https://telaris.wlu.ca/ssb_prod/bwckschd.p_disp_dyn_sched . no The header "Access-Control-Allow-Origin" is present in the requested resource. The origin of 'null' is therefore not allowed. The response had an HTTP status code of 501.

When I add:

 dataType:'jsonp'

I get an error:

GET https://telaris.wlu.ca/ssb_prod/bwckschd.p_disp_dyn_sched?callback=jQuery21108736664191819727_1416964243449&_=1416964243450 400 (Bad Request) jquery.min.js: 4send jquery.min. : 4 (anonymous function)

Any help greatly appreciated!

+9
source share
2 answers

Browsers apply "the same" access control , unless the site explicitly allows requests between sources (via CORS or JSONP). Thus, if the site you are trying to access does not allow cross-queries, you cannot receive data directly from the site using only a browser. The browser applies the same source restrictions that the target site requests.

This is NOT security for the server, as there are many ways around this. It applies only to one specific type of browser access (although this particular type of access protection is useful).

This means that to transfer data to the browser, you will need to use some third-party agent (except the browser) that can receive data for you. The two most common ways to do this are:

  1. Your own server. You make a request to your own server to get some content from another server. Then your server receives data from another server and returns it to you in the browser.

  2. Proxy server. There are several preconfigured proxies that are created only to perform the actions described in option No. 1. You can use the proxy service or install your own proxy server to do this for you, or configure your web server for this feature.

Thus, you cannot circumvent cross-origin restrictions from a collaborative browser. But you can get around them from the server. This is because CORs restrictions are only implemented in the browser. They are not a server limitation. The browser asks the destination server which CORS policies are used and applies them only in the browser. Some other server making a request to this server does not need to pay any attention to COR policies.

+10
source

I know how frustrating it is when technical constraints make life difficult.

In a similar situation you can try the Javascript library: Xdomain
You can check the link article for the same here: http://hayageek.com/cross-domain-ajax-jquery-without-cors/
The YCombinator discussion can help if you have problems: https://news.ycombinator.com/item?id=8023844

Another way: use your server to get an HTML page and click on your application as needed. Something like that. Suppose you add one iframe as 'my_external_content.php' . The code should be

  <?php $externalURL = "http://otherdomain.com"; $externalData = file_get_contents($externalURL); echo externalData; ?>

Please refer to another SO question for some reference: Ways to circumvent the same origin policy

Hope this helps your or other people in the same situation.

+1
source

Source: https://habr.com/ru/post/978706/

More articles:


All Articles