开发者

How to load a XML file on another domain than our [cross domain problem]

I've got an XML file on my server, and my partners have to access it via a javascript I'm coding.

It's working perfectly in local, but as soon as I do :

xmlDoc.async=false;
xmlDoc.load("/export/export.xml");

to

xmlDoc.load("http://www.something.com/export/export.xml");
开发者_JAVA技巧

It stopped working. I know that it's to avoid XSS attack, but there is no point in my case to develop that JS script if they cannot access to my XML file.

So, how to bypass such a limitation?


Provide your data in JSON-P format instead.


Depending on the need, one option would be to fully encapsulate everything coming from your site in an independent frame which is loaded from your site, thus making the page doing the loading match the server properly.

Another option would be for the partners to run a server-side script on their server that can fetch the XML file and then pass it through to the client so that it "appears" to be hosted on their server.

There's no way to bypass it on the client side; if there were it would defeat the purpose of restricting it in the first place.


I use a proxy on my domain to obtain the information. This can be any server-side script that goes and gets the information from the remote server - that way, all requests are to my local server proxy page.


Here are some workarounds for the SOP (Same Origin Policy) problem here. The post is about jQuery, but the concepts are the same:

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜