Can you AJAX Post to outside/external site?

Forum Moderators: open

Message Too Old, No Replies

Can you AJAX Post to outside/external site?

kazisdaman3

2:31 am on Jun 3, 2007 (gmt 0)

Can I have a form on a website, send out a post via ajax to a php file on a completely different domain?

ie:

xmlHttp=GetXmlHttpObject()
if (xmlHttp==null)
{
alert ("Browser does not support HTTP Request")
return
}
var url="http://www.ANOTHER-SITE/receive_post.php"
xmlHttp.onreadystatechange= function() { stateChanged(xmlHttp) }
xmlHttp.open("POST",url,true)
xmlHttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded")
xmlHttp.setRequestHeader("Content-length", params.length)
xmlHttp.setRequestHeader("Connection", "close")
xmlHttp.send(params)
}

daveVk

3:24 am on Jun 3, 2007 (gmt 0)

The short answer is NO. This thread may be relevent [webmasterworld.com...]

cmarshall

7:50 pm on Jun 3, 2007 (gmt 0)

The way that you do this (I do it all the time) is to have a PHP file in your domain that will call the remote domain URI.

You need basic PHP URI include support, which is enabled by default.

This is something only PHP seems to do well, though I think other languages can do it through curl.

mehh

7:39 pm on Jun 4, 2007 (gmt 0)

the option above is the best technique for this but if you have your heart set on no page reloads, try the ol' hidden iframe. Just submit your form to the iframe and use css. either

 visibility:none;
 height:1px;
 width:1px;


display:none

kazisdaman3

5:11 am on Jun 5, 2007 (gmt 0)

Wow ok cool, I was just about to give up.

The iframe sounds like it'll do me better.

I just put the form in the iframe correct, and when it posts out, its doing it within its frame.

daveVk

12:28 pm on Jun 5, 2007 (gmt 0)

The same cross domain rules apply to iframe as for GetXmlHttpObject(), well almost, you can load the cross domain content into the iframe but thats all. cmarshall has a good approach, I dont understand the logic of the cross domain restriction, just forces you to do the same thing via the server.

cmarshall

12:43 pm on Jun 5, 2007 (gmt 0)

I dont understand the logic of the cross domain restriction

Phishers could definitely use it to fool you into thinking that you are dealing with one site, while quietly working with another server behind the scenes.

If you've ever hit a pr0n site (I read them for the articles, I swear!), and seen the Javascript havoc they wreak, you can imagine what fun they could have if their ads could start a bunch of server connections that basically act as push agents.

No need for popups or pop unders.

daveVk

2:28 am on Jun 6, 2007 (gmt 0)

Phishers could definitely use it to fool you into thinking that you are dealing with one site, while quietly working with another server behind the scenes.

Agree, but surely they can do the same thing by going via there own server using php includes or whatever to relay the content. Seems a pretty crude fix to me.

cmarshall

10:39 am on Jun 6, 2007 (gmt 0)

I think it's a "belt and suspenders" approach. They just want to restrict the toolbox.

I'm no SSL expert, but I don't know if it would be possible for AJAX (or IFRAME) calls to be run on a page that has an established HTTPS connection, since they are discrete connections.