Some of my Web services are in https but my home page is in http how can i make ajax calls to get that secure data. Now i am trying using cURL in the php page. Is there any other option to get using jquery 1.5
The simplest and obvious answer is to make your page https as well. But thats usually not feasible so, you need to use jsonp to circumvent the Same Origin Policy. You can learn more about jsonp here
You could wrapper it with a HTTP proxy call to your local domain and then make the cURL request to the HTTPS from the server.
Some code provided might help. But should be simply a case of providing the full https://www.yoursite.com url to your ajax scripts.
Related
In our site, Some pages are SSL and some are non-SSL.
For Example:
http://www.example.com/search/patients
https://www.example.com/patients
Now I am searching patients on http://www.example.com/search/patients page and send server request to https://www.example.com/patients via jQuery $.ajax function and dataType=json. I am unable to get data.
Questions:
Should I use jsonp when we request from http to https or https to http on same server?
If I use SSL for both URLs then will it work with dataType=json only
Thanks
Due to Same Origin Policy your ajax request is allowed only if:
domain name, application layer protocol, and (in most browsers) port
number of the HTML document running the script are the same
In your case the application layer protocol is different, that's why your script fails.
Possible solutions are:
JSONP, which has to be provided by the server
CORS, which is a more 'elegant' and clean solution, but is not yet fully supported by IE (IE7 doesn't support it, IE8 has some limitations)
If you use SSL for both URLs it should work. Also as #Waqas Raja suggested, it would be better to use relative URLS.
e.g. $.ajax({url: '/search/patients'})
You need to use either CORS, a proxy or JSONP to get content from a different origin. Changing scheme (from http to https or the other way around) is changing origin.
Pulling data from a secure server into an insecure page eliminates many of the benefits of using SSL.
If you fetch both the page and the data source over SSL then you can use plain JSON and don't introduce those security problems.
Just wandering, how is https works? Also how is php able to get the https post? Is it just works like the normal get post in php??
Exmaple:
If there have a system having a https post to a websiet test.php , can I just get the post by using $_POST under test.php?
Yes, the decryption is done by the server's ssl layer automatically.
Yeah. Php doesn't handle the HTTP bs HTTPS. apache does. PHP behaves the same. So to answer your question - yes
Once your server is set up to handle https it's pretty much transparent to apps running on your server. Everything works the same way as HTTP, except the URL scheme and port will be different.
Please try to make questions more clear in the future, reading them yourself again.
For information on HTTPS, why not check wikipedia (or any other source) first?
http://en.wikipedia.org/wiki/HTTPS
HTTPS encrypts the communication between client and server.
Abstract that away and you still have HTTP. Thus, PHP will not even know it was HTTPS that was communicated over (other than protocol, url etc it may ask/check for. but nothing you need to keep in mind when working with it)
So yes, $_POST works with HTTPS just like with HTTP.
i want to get data from other sites using javascript executed from my website.
The PHPJS website has some nice conversions of PHP functions into Javascript.
In general, unless they expose the data with JSON-P, you can't thanks to the security considerations imposed by the same origin policy.
Recent browsers support a permissions system where a remote site can allow JavaScript running on a remote site to make a request. Flash provides a similar system, so can act as an intermediary. Both of these require the cooperation of the remote site.
The usual work around is to use a proxy service, either running on your own system (so JS makes the request to the same server, which fetches the data from the remote site) or a third-party service like YQL.
Javascript is limited by the same-domain security policy. The only way to get data from other sites is to use JSONP or build a proxy on your own host that lets you curl content from other sites.
Use jQuery:
$.post( 'http://some.website.com/file.js', function(result){
alert(result);
});
You may not fetch anything but JavaScript or JSON.
Or try this answer: How do I send a cross-domain POST request via JavaScript?
It has to be done server side - send an ajax request, run the PHP you want, and check the responseText property to see the results.
That really depends on what you mean by "data". Try using AJAX if its just for simple requests.
I've got two servers running jsp and php. I'd like the PHP page to call the JSP page for getting an output. I tried using simple Ajax and Jquery-Ajax, it doesn't seem to work. Why?
you can't use ajax cross domains due to security restrictions. you could send the data to an php-script on your domain and send the post-request from there with a function like this
AJAX cannot request pages from sites that reside in different servers. This will make it a cross-side scripting attack. Hence, you have to go only through your server side code. For PHP you can use curl to get information from other pages. You can now use the same ajax script and link it to the php page containing curl. Documentation of curl can be found if you give a google over it.
i need to fetch a url with javascript/jquery and not php.
i've read that you could do that if you got a php proxy, but that means that it is still going through php. cause then it's still the ip of the server that is fetching it.
could one fetch the url entirely with only front-end, and thus fetch it with the client's ip?
There exists a Same origin policy for AJAX requests. This prevents Javascript on, say, this site, from making a request to gmail.com (with your cookies), reading your e-mails, and uploading them to the StackOverflow server. Javascript on stackoverflow.com can only make AJAX requests to pages on that domain.
As you can see, this is essential for security. Requests must instead be made by a proxy running on your web server - PHP can be used, but there are other solutions. For example, Ajax Cross Domain is an AJAX library that communicates with a Perl script running on the server to emulate AJAX requests for other domains.
It is also possible to make requests on other domains via a javascript include (script tag), image tag, etc. but in these cases you cannot read the contents of the page.
You cannot do this with an iframe either: scripts cannot see the internals of iframes unless they are on the same domain as the script.
So in short, use a proxy.
The problem is that jQuery would fetch an url with AJAX and AJAX won't operate cross-domain because of the potential security (as per the same-origin policy).
There are however ways to emulate this, if you load the page in an iframe you can retrieve the data by using innerHTML on the iframe. Here's an example script that uses jQuery: http://code.google.com/p/jquery-crossframe/