0

I'm getting access errors when trying to access JSON data on a server not in my domain. I've tried to activate the cross-domain capabilities by jQuery.support.cors = true; but still got the same problem.

Then I found this example page and this article and full of hope, I tried to go for XDomainRequest instead of XmlHttpRequest. Still, I get the same error.

When I type in the address in the browser window, I get to the data and can see it on my screen. What can I change/look for to make it work? (I've tried every example I could think of and now I'm drawing blank.)

I'm executing the code below.

var xdr = new XDomainRequest();
xdr.onload = function () { alert(xdr.responseText); }
xdr.open("GET", "http://blopp.json");
xdr.send();

I won't be able to ask my users to activate anything. Moreover I might expect many of them to be on domains with high restrictions (and 90%+ will be on IE, at least version 8, I hope).

EDIT:

The headers are as follows.

Request headers:

Status Code:200 OK
Request Headersview parsed
GET /AppositelabRestService/api/EnvelopeTemplate/12345 HTTP/1.1
Host: appositech.hosterspace.com
Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.4 (KHTML, like Gecko)
Chrome/22.0.1229.94 Safari/537.4
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: sv,en-US;q=0.8,en;q=0.6
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response Headers HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/xml; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Wed, 07 Nov 2012 09:53:19 GMT
Content-Length: 394

Konrad Viltersten
  • 36,151
  • 76
  • 250
  • 438

1 Answers1

1

The server must explicitly allow it by sending a CORS (Cross-Origin Resource Sharing) header, such as:

Access-Control-Allow-Origin: *

Otherwise the same-origin policy applies and you cannot do it.

Btw, flash uses crossdomain.xml, so if there server is hosting such a file, you can make the request through flash.

Unfortunately http://appositech.hosterspace.com/crossdomain.xml is 404.

Esailija
  • 138,174
  • 23
  • 272
  • 326
  • So, unless I can talk to the service provider and be very persuasive, I'm smoked? Now, that I think of it, perhaps I can skip jQuery, I won't have to specify `$.support.cors = true;` - I only need the headers to be designed differently, right? – Konrad Viltersten Nov 07 '12 at 10:02
  • @KonradViltersten for IE8 support I think you need some hacking around yea, but if the headers are there then it works out of the box for modern browsers. You can also proxy the request through your server. That is, make ajax request to your server, which in turn makes request to their server and returns the response. – Esailija Nov 07 '12 at 10:08
  • +1 (and a big one, too): Cow poo... The code will be executed in the cloud (Dynamics CRM) so I have no real server access on my side, either. At least not with any guaranteed right, hehe. I think my best shot is to be persuasive. Unless you've got a good suggestion on how to set up a proxy call under those circumstances. Thanks anyway! – Konrad Viltersten Nov 07 '12 at 10:12