понеділок, 4 березня 2013 р.

One more way to avoid Access-Control-Allow-Origin restriction for cross domain ajax requests

Some time ago I developed the application based on WebKit engine. It allows user to process page elements by injecting javascript code into original third party site source. Let's call it js tool. First version of it interacted with my site by sending ajax reqests. Everything works fine before I try to test it on secure connection to the site which we call SecureSite.

When I loaded a page from this site - my tool was not working. WebKit web inspector showed 1 error:

XMLHttpRequest cannot load http://localhost:8080/wsapi/util/uploadpagesrc. Origin https://some.secure.domain is not allowed by Access-Control-Allow-Origin.

SecureSite in his response headers sended Access-Control-Allow-Origin which block ajax request to my localhost site. In forums I found solution to use jsonp request. Here is example:

$(document).ready(function() {
 $.getJSON('http://twitter.com/users/usejquery.json?callback=?', function(json) {
But I need to send post requests and ability to save large data. In my js tool is used websockets. When ajax requests throws errors websockets works fine. They have only one minus - message size limitation. For cometd it was 8192:

I have not configured websocket server to increase this limit. Maybe I will do this another time

Немає коментарів:

Дописати коментар