local AJAX-call to remote site works in Safari but not in other browsers


CHROME

There is a plugin for Chrome that will force it to ignore the security policy. You can also do this with flags. Note, please do not browse the "real web" with this enabled as it is a security risk for your computer.

FIREFOX

This thread indicates that there is presently no way to do this in Firefox.

OPERA

Again, there does not appear to be a built-in way to ignore CORS policies.

The alternative would be to have the server (http://my.domain.tld) in your case return the proper headers - specifically Access-Control-Allow-Origin:


To avoid these issues, you should develop your page (on your local computer is OK) using a web server (like Apache, nginx, ...), so that the URLs of your AJAX calls start with the protocol http or https, not "file". "File" is the path of your file, but using the OS path system, not a web server system.

On the other hand, browsers have the "Same Origin Policy". This is a security feature, but what are the "problems" in web development using AJAX calls? Well, your AJAX calls must always be made to the same server. For example, if you have your website on the domain "http://my-domain.com", then your AJAX calls must be to the same domain "http://my-domain.com".

To "bypass" SOP in ajax calls, you have three solutions:

  • Create a proxy on your "my-domain.com" that uses curl (in PHP, for example) to retrieve the data and return it to your AJAX call
  • Use JSON-P
  • Allow your domain in your web server (.htaccess, for example) by setting a proper CORS configuration: http://enable-cors.org/

BTW

I am going to answer: "Please can anyone explain what is so risky to call data via Ajax from an other domain". (Copied and pasted from Mozilla MDN: https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy)

The same-origin policy restricts how a document or script loaded from one origin can interact with a resource from another origin. Same-origin Policy is used as a means to prevent some of the Cross-site Request Forgery attacks.
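
Added example, not part of the answers above: one way the remote server could decide which CORS headers to return, covering both the "return the proper headers" suggestion and the "develop behind a web server" advice. It is written for a Node-style request handler; the allowlisted origin http://localhost:8080 and the names ALLOWED_ORIGINS, corsHeaders and handle are assumptions made for this sketch.

```javascript
// Assumption: the page is served by a local dev web server on this origin.
const ALLOWED_ORIGINS = new Set(['http://localhost:8080']);

// Returns the CORS-related response headers for one request.
// Without Access-Control-Allow-Origin the browser refuses to hand the
// response to the calling script.
function corsHeaders(origin, method, allowed = ALLOWED_ORIGINS) {
  // Always vary on Origin so caches never serve one origin's answer to another.
  const headers = { 'Vary': 'Origin' };
  // A page opened from file:// sends "Origin: null", and so do sandboxed
  // iframes, so "null" is never treated as a trusted origin.
  if (!origin || origin === 'null' || !allowed.has(origin)) {
    return headers;
  }
  // Echo back only an origin that matched the allowlist exactly.
  headers['Access-Control-Allow-Origin'] = origin;
  if (method === 'OPTIONS') {
    // Preflight: state which methods and request headers are accepted.
    headers['Access-Control-Allow-Methods'] = 'GET, OPTIONS';
    headers['Access-Control-Allow-Headers'] = 'Content-Type';
    headers['Access-Control-Max-Age'] = '600';
  }
  return headers;
}

// Node-style handler, usable as http.createServer(handle).
function handle(req, res) {
  const headers = corsHeaders(req.headers.origin, req.method);
  if (req.method === 'OPTIONS') {
    res.writeHead(204, headers);
    return res.end();
  }
  res.writeHead(200, { 'Content-Type': 'application/json', ...headers });
  res.end(JSON.stringify({ lastID: 0 })); // constructed sample payload
}
```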


Due to the same origin policy you aren't normally able to request resources from a different domain. Try adding crossDomain: true to your AJAX request since you are trying to make a request to a different domain.

    $.ajax({
        url: 'http://my.domain.tld/cgi-bin/myPerlScript.pl',
        crossDomain: true,
        data: "lastID=" + lastID + '&qkz=' + Math.random(),
        dataType: "json",
        success: JSONreceive,
        error: JSONerror
    });