Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How come jQuery.load() can work Cross-Domain if the URL has "just one HTML line"?

On my website, I'm attempting to code a JavaScript script that, upon a button being clicked, scrapes data from the HTML source of some websites and displays the parsed/cleaned data on my site.

Upon reading TutorialsPoint's JQuery - Ajax page, which showcases the jQuery.load() method,

<script type = "text/javascript" language = "javascript">
     $(document).ready(function() {
        $("#driver").click(function(event){
           $('#stage').load('/jquery/result.html');
        });
     });
</script>

I decided to try it on my site. I changed the URL from the relative one to the absolute one -- "http://www.tutorialspoint.com/jquery/result.html" -- and to my surprise, it is actually functioning (click EXTRACT DATA). This contradicts my understanding, upon reading dozens of SO threads, as well as the jQuery.load() API, that the HTTP request would be subject to the Same-Origin-Policy.

Due to browser security restrictions, most "Ajax" requests are subject to the same origin policy; the request can not successfully retrieve data from a different domain, subdomain, port, or protocol. ~API

When I change the URL to things like http://google.com/ or http://www.example.com/ the script doesn't function.

A line on the aforereferenced tutorial page caught my eye:

Here load() initiates an Ajax request to the specified URL /jquery/result.html file. After loading this file, all the content would be populated inside tagged with ID stage. Assuming, our /jquery/result.html file has just one HTML line

How come load() works, across domains, if the HTML file at the specified URL has solely one line?

like image 421
Kartik Chugh Avatar asked Jul 22 '17 21:07

Kartik Chugh


People also ask

How does jQuery load work?

The jQuery load() method is a simple, but powerful AJAX method. The load() method loads data from a server and puts the returned data into the selected element.

What is the difference between jQuery get () and jQuery load ()?

get() executes an Ajax GET request. The returned data (which can be any data) will be passed to your callback handler. $(selector). load() will execute an Ajax GET request and will set the content of the selected returned data (which should be either text or HTML).

Can jQuery be loaded from an external site?

Yes, it's possible, but you'll need 1 line of PHP :) If you only need RSS feeds and you don't mind relying on Google you could use jquery-feeds.

Can you do cross domain AJAX if so how?

Browser does not allow cross domain AJAX requests due to security issues. Cross-domain requests are allowed only if the server specifies same origin security policy. To enable CORS, You need to specify below HTTP headers in the server. Access-Control-Allow-Origin – Name of the domain allowed for cross domain requests.


Video Answer


2 Answers

It's not about the files or structure. It's about enabling Cross Origin Request Sharing. If the concerned server, or the request has the following header:

Access-Control-Allow-Origin: *

This will enable the AJAX to fetch files from cross-domain as well.

Indeed, sending an HTTP GET request via Hurl.it, for example, confirms that the header is present.

Request picture

like image 110
Praveen Kumar Purushothaman Avatar answered Oct 22 '22 02:10

Praveen Kumar Purushothaman


Internally load() is just a shortcut for $.ajax, the code for load() is

function load(url, params, callback) {
    // ... some checks and stuff
        jQuery.ajax({
            // settings
        }).done(function (responseText) {
            self.html(selector ?
            jQuery("<div>").append(jQuery.parseHTML(responseText)).find(selector) : responseText);
        }).complete(callback && function (jqXHR, status) {
            self.each(callback, response || [jqXHR.responseText, status, jqXHR]);
        });
    }
    return this;
}

In this case the server is returning the correct headers for a CORS requests, if you look at the request, the response headers include

Access-Control-Allow-Headers:X-Requested-With
Access-Control-Allow-Origin:*

meaning it allows requests from different origins, so it has nothing to do with load() at all, any ajax request would work fine to that URL, as it's not subject to the same-origin policy

The Cross-Origin Resource Sharing standard works by adding new HTTP headers that allow servers to describe the set of origins that are permitted to read that information using a web browser.

like image 1
adeneo Avatar answered Oct 22 '22 03:10

adeneo