Attempting to make a Cross Domain AJAX request to a Server I don’t own

ajaxcross-browserjqueryserver

I'm aware that javascript programs running in a browser are bound to the same-origin policy which prevents them from requesting services from a server that is on a different domain. What I've gathered from that is that lets say a script on www.mysite.com could not request a service from www.myothersite.com or even mysite.com.

If I run the following code from www.mysite.com:

var link = "https://www.myothersite.com/jobs-feed.xml";
$.ajax({
      type:"GET",
      url: link,
      dataType: "xml",
      success: function(text){
              alert(text);
      }
})

It will result in this error appearing in the console:

XMLHttpRequest cannot load 
www.myothersite.com/jobs-feed.xml. 
No 'Access-Control-Allow-Origin' header is present on the requested resource.
Origin 'www.mysite.com' is therefore not allowed access.

I've read that there is a number of ways to prevent this error and make a cross domain AJAX request successfully.

  1. JSONP – This requires the data being returned in JSON format but otherwise it will allow JS programs running in browsers to request data from another server in a different domain. Something that is usually prohibited because of the same-origin policy.

  2. Cross Origin Request
    Makes use of HTTP headers to allow for a cross-domain ajax request. It requires CORs enabled Browser and Server.

Now here is my question, If I'd like to go with a COR request and I don't have access to the server to enable it for COR's what should I do? Should I contact the server admin and ask them to allow me to connect? I'm not very knowledgeable when it comes to Computer Networking and Servers, it's definitely not my strong point.

But from what I've gathered the error above is usually an issue with the server not allowing the requesting domain access to the data? Is that correct?

If so how can I overcome this? ideally, JSONP would be a desired option but the data is not in JSON format, in my case it's XML.

Any help would be appreciated. I've been looking around at numerous links online and trying to get my head around CORs and cross domain ajax requests. They've definitely helped me to realize what is going wrong, but I am unsure about how I might go about enabling COR's.

If this is more of a question for SO I apologize, I'm more looking for the opinions of others in the programming community.

Thank you for any help.

Best Answer

What I would do:

  1. Contact the 3rd party site, and ask if they could include you in their CORS policy, if not then
  2. Make sure there's no JSONP or similar "public access" point to use, if not then
  3. Use a CORS proxy (There's quite a few out there: https://www.google.dk/search?q=free+cors+proxy&oq=free+cor - But do know that you now trust the CORS provider to be the middleman of all information), if your information is too sensitive for this then
  4. Build or install your own CORS proxy that you trust
Related Topic