2

I've got an XML file on my server, and my partners have to access it via a javascript I'm coding.

It's working perfectly in local, but as soon as I do : 

xmlDoc.async=false;
xmlDoc.load("/export/export.xml");

to 

xmlDoc.load("http://www.something.com/export/export.xml");

It stopped working. I know that it's to avoid XSS attack, but there is no point in my case to develop that JS script if they cannot access to my XML file.

So, how to bypass such a limitation?

sth
  • 222,467
  • 53
  • 283
  • 367
sf_tristanb
  • 8,725
  • 17
  • 74
  • 118

4 Answers4

3

Provide your data in JSON-P format instead.

Community
  • 1
  • 1
Quentin
  • 914,110
  • 126
  • 1,211
  • 1,335
  • It is generally best to redesign the data structure to better fit the change in format, however http://search.cpan.org/perldoc?XML::Simple + http://search.cpan.org/perldoc?JSON::Any might well do the trick. – Quentin Apr 16 '10 at 13:17
1

Depending on the need, one option would be to fully encapsulate everything coming from your site in an independent frame which is loaded from your site, thus making the page doing the loading match the server properly.

Another option would be for the partners to run a server-side script on their server that can fetch the XML file and then pass it through to the client so that it "appears" to be hosted on their server.

There's no way to bypass it on the client side; if there were it would defeat the purpose of restricting it in the first place.

Amber
  • 507,862
  • 82
  • 626
  • 550
1

I use a proxy on my domain to obtain the information. This can be any server-side script that goes and gets the information from the remote server - that way, all requests are to my local server proxy page.

Fenton
  • 241,084
  • 71
  • 387
  • 401
0

Here are some workarounds for the SOP (Same Origin Policy) problem here. The post is about jQuery, but the concepts are the same:

Aaron McAdam
  • 706
  • 2
  • 7
  • 20