Cross site AJAX

20096 total geeks with 3178 solutions

Recent challengers:

philocsd bonus 12 - 09:52PM
jbo_85 level 6 - 08:47PM
jbo_85 level 5 - 07:36PM

Welcome, you are an anonymous user! [register] [login]

	GEEK
Challenge Bonus Levels Geek Reverser View Solutions Test Centre Hall of Brain Hall of Bonus Hall of Reverse Geek or Freak

User's box

Username:

Password:

Forgot password?
New account

Shoutbox

	Domuk No, not an issue with the PHP - I was responding to "AJAX not being cross site is annoying"
	MaxMouse Really? i thought that would only be important if the user had some kind of control over where the XML came from, if you hard code it (As in a PHP file) wouldn't that eliminate XSS attacks?
	Domuk Yes, but very, very necessary. AJAX requests run in the context of the browser, there'd be no security if it was cross-domain .
	MaxMouse AJAX not being cross site is annoying, all other scripts can be used in that way, having to resort to PHP to patch it is a shame.
	SAJChurchey thx MaxMouse

Donate

Donate and help us fund new challenges

Due Date:	Nov 30
November Goal:	$40.00
Gross:	$0.00
Net Balance:	$0.00
Left to go:	$40.00

Contributors

News Feeds

The Register

	MySpace makes peace with Indies
	Nvidia previews next-gen Fermi GPUs
	Potty-mouths charged for Comcast hijack
	Microsoft Silverlight - now with hidden Windows bias
	Apple cult leader emails outside world
	Sony demos monster 3D TV
	Wrecking CRU: hackers cause massive climate data breach
	Skinny Acer notebook delivers six-day battery life
	VTOL gyro-copter flying car mates with killer robot
	Oracle begs EC for more time

Slashdot

	iPhone Owners Demand To See Apple Source Code
	Proton Beams Sent Around the LHC
	Microsoft"s Lack of Nightly Builds For IE
	Some Claim Android App Store Worse Than iPhone"s
	Climatic Research Unit Hacked, Files Leaked
	Aging Nuclear Stockpile Good For Decades To Come
	Netbooks Have Higher Failure Rate Than Laptops
	Xbox Live Class Action Being Investigated
	Patent Issued For Podcasting
	Linus Torvalds For Nobel Peace Prize?

Article viewer

Cross site AJAX

Written by:	MaxMouse
Published by:	MaxMouse
Published on:	2009-10-29 10:18:42
Topic:	PHP

Search OSI about PHP.

More articles by MaxMouse.

viewed 415 times

While developing across several domains I found AJAX lacking, in that I could only request an XML document from the same domain the script was currently executing from. Since I required some data to be shared across several domains I ended up with duplicate XML documents, updating them meant updating the master local XML document then uploading it to all of the different servers one after another. The following is a demonstration on cross site AJAX using a PHP proxy, pAJAX anyone?

AJAX, Asynchronous JavaScript and XML is a fancy way of saying "Make the browser retrieve and parse some XML", the important line of (JavaScript) code i want to talk about here is:

request.open("GET", "some-file-on-the-server.xml", true);

In my case i was using it to process an XML file containing data for google maps, the XML document is in the following format:

As outlined in the summary what I needed to do was this:

request.open("GET", "http://www.some-site.tld/some-file-on-the-server.xml", true);

Currently only firefox (>3.5) supports this kind of thing with minor changes in XML and code, but since I had to maintain browser support for the big 5 I couldn't use this method.

What I decided to do was keep one XML document on one server then use PHP to handle the rest on all other servers, lets say our XML document is at http://www.max.com/document.xml, for each site i would like that to be available I used the following.

AJAX Request:

request.open("GET", "cross_site_xml_engine.php", true);

cross_site_xml_engine.php - code:

<?php
header("Cache-Control: no-cache, must-revalidate");
header("Content-type: text/xml");
echo "\n";

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,'http://www.max.com/document.xml');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$contents = curl_exec ($ch);
curl_close ($ch);

echo $contents;
?>

So now, on each server i have the above code, the AJAX request is happy because I'm requesting a file that resides on the same domain, as you can see the PHP code uses cURL to get the data from http://www.max.com/document.xml, it changes the header to XML and simply outputs the result, as far as the AJAX (JavaScript) request is concerned cross_site_xml_engine.php is simply an XML file. Whenever i update http://www.max.com/document.xml all other servers echo the change instantly without me having to re-upload to each of them, and the browser won't cause inconsistency with caching issues because I have modified the cache-control header.

Did you like this article? There are hundreds more.

Comments:

Domuk
2009-10-30 20:45:55

Depending on the need for it to be in XML, you could instead store it in JSON and load it as a JS file - an AJAX proxy is a nice alternative though, especially if it caches.

MaxMouse
2009-11-02 09:07:12

I never really looked into loading it as a .JS file, i was using stock code from google which just looped through an XML file, modifying it this way allowed me to not touch the standard code. As for caching, i didn't want that to happen (Hence the header change) because if i edit the XML and the browser uses cache it won't be reflected in the end google map.

Domuk
2009-11-02 20:35:20

I mean caching on the server-side, not browser caching - if the site gets big, you don't want every hit to also hit another server - especially if the XML changes less than every ten minutes or so. I see that as being the main advantage of using a PHP script as a proxy, really, since I'd expect the curl hit to be the majority of the request time. Also would let you carry on regardless if the other site went down.

As for modifying the standard code, if the argument to the function is a URL then it seems odd but no, nothing you can do - if you're handling the AJAX yourself, then you can just load the JSON'd XML structure at the time when you'd do the AJAX request. All something of a moot point when you've got a working solution though!

MaxMouse
2009-11-03 09:19:35

I see. The XML doesn't change that often, every couple of days maybe, and if the host server dies, it's only a Google map, it isn't critical data. If it where critical I suppose i could also have run a PHP cron job to periodically download the XML document and save it, then use the AJAX request as standard.

Have you looked at Firefox's AJAX cross site AJAX support?

Domuk
2009-11-04 00:07:15

No, I haven't. It was a sin when IE added its own tags back in the day, now that's the norm for other browsers. But now Firefox adds functionality that would actually break apps for non-Firefox users? I dread to think of new developers not understanding the issue and building their first app around it.

MaxMouse
2009-11-06 09:36:07

I never use IE, i still have to code support for it though, IE doesn't even pass the AcidTest (http://www.acidtests.org/) MS have known this since IE6, currently i have the big five installed (IE, FF, Chrome, Opera, and Safari) for testing and all but IE pass the acid test, so i have little time for it. Both firefox and Opera have their own "Special" support for things it's completely insane.

Also, i do hope no one falls into the trap of using functionality which is supported on one client but nothing else.

Anonymously add a comment: (or register here)
(registration is really fast and we send you no spam)

BB Code is enabled.

Captcha Number:

Blogs: (People who have posted blogs on this subject..)

elasolova

My PHP Projects on Sat 26th Sep 10am
I have been developing PHP applications for almost a year now. I have developed three projects. One is a simple trivia game. The other is a question-answer based community at http://www.javaist.com/quans . The last one is a programming challenge site just

countll

Blog entry for Thu 25th Oct 7am on Thu 25th Oct 7am
soo nu on this wicked world of NET. just decided to dive in today..hope friend aroun here can help

Test Yourself: (why not try testing your skill on this subject? Clicking the link will start the test.)

Test of experience (hopefully) by AcidIce

Things you're only likely to know if you've actually written a lot of PHP before :)