This is extracted from an article by Brett McLaughlin about AJAX ------------------------------------------------ Welcome to the sandbox Ajax has a sandbox security model. As a result, your Ajax code (and specifically, the XMLHttpRequest object) can only make requests to the same domain on which it''s running. You''ll learn lots more about security and Ajax in an upcoming article, but for now realize that code running on your local machine can only make requests to server-side scripts on your local machine. If you have Ajax code running on www.breakneckpizza.com, it must make requests to scripts that run on www.breakneckpizza.com. ----------------------------------------------- I don''t agree with his point: I can make an ajax request to Google for example from my own domain and get the search result response back without any error. So does that article make any sense to you when it says ".can only make requests to the same domain on which it''s running."? Thank you experts. --Doug _______________________________________________ Rails-spinoffs mailing list Rails-spinoffs-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org http://lists.rubyonrails.org/mailman/listinfo/rails-spinoffs
I''d love to see your code snippet that does that ''cause AFAIK it''s technically impossible in any browser on the market. Greg ________________________________ From: rails-spinoffs-bounces-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org [mailto:rails-spinoffs-bounces-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org] On Behalf Of Doug Ly Sent: Thursday, August 17, 2006 12:34 PM To: rails-spinoffs-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org Subject: [Rails-spinoffs] Cross Domain Ajax Request This is extracted from an article by Brett McLaughlin about AJAX ------------------------------------------------ Welcome to the sandbox Ajax has a sandbox security model. As a result, your Ajax code (and specifically, the XMLHttpRequest object) can only make requests to the same domain on which it''s running. You''ll learn lots more about security and Ajax in an upcoming article, but for now realize that code running on your local machine can only make requests to server-side scripts on your local machine. If you have Ajax code running on www.breakneckpizza.com, it must make requests to scripts that run on www.breakneckpizza.com. ----------------------------------------------- I don''t agree with his point: I can make an ajax request to Google for example from my own domain and get the search result response back without any error. So does that article make any sense to you when it says "...can only make requests to the same domain on which it''s running."? Thank you experts. --Doug _______________________________________________ Rails-spinoffs mailing list Rails-spinoffs-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org http://lists.rubyonrails.org/mailman/listinfo/rails-spinoffs
Doug Ly wrote:> I can make an ajax request to Google for example from my own domain and > get the search result response back without any error. So does that > article make any sense to you when it says “…can only make requests to > the same domain on which it''s running.”?You can use <script> tags to call code in another domain and get JSON from that which you can then use. But you can''t use XHR to do a normal request. -- Michael Peters Developer Plus Three, LP
Yes sir, it works like a charm for me. AFAIK :-), XMLHttpRequest won''t
allow
you to execute javascript located on a different domain. But hell yeah,
it''s
possible to make across domain request buddies.
Here is the code snippet I used
<script type="text/javascript"
src="js/prototype.js"></script>
<script type="text/javascript"
src="js/scriptaculous.js"></script>
<script>
changeContent = function(req)
{
new
Ajax.Request(''http://www.google.com/search?hl=en&q=Doug+ly&btnG=Google+Searc
h'', {onSuccess:function(e)
{
alert(e.responseText);
} ,
onFailure: function(e)
{
debugger;
alert(e.statusText);
},
method :
''get''
}
);
}
</script>
.
After the request is done, alert pops up with the responseText.
If you guys want to know more about this cross domain scripting issue,
please visit my blog to view my experience.
http://frontier05.blogspot.com/2006/04/remote-scripting-on-googles-blogspot.
html
--Doug
_____
From: rails-spinoffs-bounces-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
[mailto:rails-spinoffs-bounces-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org]
On Behalf Of Hill,
Greg
Sent: Thursday, August 17, 2006 1:48 PM
To: rails-spinoffs-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
Subject: RE: [Rails-spinoffs] Cross Domain Ajax Request
I''d love to see your code snippet that does that ''cause AFAIK
it''s
technically impossible in any browser on the market.
Greg
_____
From: rails-spinoffs-bounces-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
[mailto:rails-spinoffs-bounces-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org]
On Behalf Of Doug Ly
Sent: Thursday, August 17, 2006 12:34 PM
To: rails-spinoffs-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
Subject: [Rails-spinoffs] Cross Domain Ajax Request
This is extracted from an article by Brett McLaughlin about AJAX
------------------------------------------------
Welcome to the sandbox
Ajax has a sandbox security model. As a result, your Ajax code (and
specifically, the XMLHttpRequest object) can only make requests to the same
domain on which it''s running. You''ll learn lots more about
security and Ajax
in an upcoming article, but for now realize that code running on your local
machine can only make requests to server-side scripts on your local machine.
If you have Ajax code running on www.breakneckpizza.com, it must make
requests to scripts that run on www.breakneckpizza.com.
-----------------------------------------------
I don''t agree with his point:
I can make an ajax request to Google for example from my own domain and get
the search result response back without any error. So does that article make
any sense to you when it says ".can only make requests to the same domain
on
which it''s running."?
Thank you experts.
--Doug
_______________________________________________
Rails-spinoffs mailing list
Rails-spinoffs-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
http://lists.rubyonrails.org/mailman/listinfo/rails-spinoffs
It didn''t work for me.
When I was learning to use Prototype''s Ajax.Request I wrote the
following script.
http://www.foxnight.net/test/
usage:
Enter any string but local to request a google search for the words.
Using the word ''local'' without quotes will fetch a local page
from the URL.
It shouldn''t work for you at all with a default browser configuration,
however, if you''re using Internet Explorer, and in your security
options for Internet Explorer you change "Access data sources across
domains" from "Disabled" to "Enable" or
"Prompt" then you''ll be able to do a remote request.
At least as far as I can remember the default setting in IE is Disabled.
I am not aware of an equivelent security setting in Firefox at this time because
I never cared to look.
What browser are you using?
-----Original Message-----
From: rails-spinoffs-bounces-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
[mailto:rails-spinoffs-bounces-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org]On
Behalf Of Doug Ly
Sent: Thursday, August 17, 2006 3:30 PM
To: rails-spinoffs-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
Subject: RE: [Rails-spinoffs] Cross Domain Ajax Request
Yes sir, it works like a charm for me. AFAIK J, XMLHttpRequest won''t
allow you to execute javascript located on a different domain. But hell yeah,
it''s possible to make across domain request buddies.
Here is the code snippet I used
<script type="text/javascript"
src="js/prototype.js"></script>
<script type="text/javascript"
src="js/scriptaculous.js"></script>
<script>
changeContent = function(req)
{
new
Ajax.Request(''http://www.google.com/search?hl=en&q=Doug+ly&btnG=Google+Search'',
{onSuccess:function(e)
{
alert(e.responseText);
} ,
onFailure: function(e)
{
debugger;
alert(e.statusText);
},
method :
''get''
}
);
}
</script>
...
After the request is done, alert pops up with the responseText.
If you guys want to know more about this cross domain scripting issue, please
visit my blog to view my experience.
http://frontier05.blogspot.com/2006/04/remote-scripting-on-googles-blogspot.html
--Doug
From: rails-spinoffs-bounces-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
[mailto:rails-spinoffs-bounces-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org]
On Behalf Of Hill, Greg
Sent: Thursday, August 17, 2006 1:48 PM
To: rails-spinoffs-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
Subject: RE: [Rails-spinoffs] Cross Domain Ajax Request
I''d love to see your code snippet that does that ''cause AFAIK
it''s technically impossible in any browser on the market.
Greg
From: rails-spinoffs-bounces-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
[mailto:rails-spinoffs-bounces-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org]
On Behalf Of Doug Ly
Sent: Thursday, August 17, 2006 12:34 PM
To: rails-spinoffs-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
Subject: [Rails-spinoffs] Cross Domain Ajax Request
This is extracted from an article by Brett McLaughlin about AJAX
------------------------------------------------
Welcome to the sandbox
Ajax has a sandbox security model. As a result, your Ajax code (and
specifically, the XMLHttpRequest object) can only make requests to the same
domain on which it''s running. You''ll learn lots more about
security and Ajax in an upcoming article, but for now realize that code running
on your local machine can only make requests to server-side scripts on your
local machine. If you have Ajax code running on www.breakneckpizza.com, it must
make requests to scripts that run on www.breakneckpizza.com.
-----------------------------------------------
I don''t agree with his point:
I can make an ajax request to Google for example from my own domain and get the
search result response back without any error. So does that article make any
sense to you when it says "...can only make requests to the same domain on
which it''s running."?
Thank you experts.
--Doug