: URL rewrite - Cross domain javascript I have a site site.domain1.com that needs to launch content from another domain - content.domain2.com but I encounter cross-domain JS issues when doing this
I have a site site.domain1.com that needs to launch content from another domain - content.domain2.com but I encounter cross-domain JS issues when doing this directly.
I basically need to make site.domain1.com think that the content from domain2 is actually from domain1.com. I have read that URL rewrite in IIS7 may be the answer, can this be done?
More posts by @Fox8124981
2 Comments
Sorted by latest first Latest Oldest Best
The problem you're having is solved with CORS:
The Cross-Origin Resource Sharing standard works by adding new HTTP
headers that allow servers to describe the set of origins that are
permitted to read that information using a web browser. Additionally,
for HTTP request methods that can cause side-effects on user data (in
particular, for HTTP methods other than GET, or for POST usage with
certain MIME types), the specification mandates that browsers
"preflight" the request, soliciting supported methods from the server
with an HTTP OPTIONS request method, and then, upon "approval" from
the server, sending the actual request with the actual HTTP request
method. Servers can also notify clients whether "credentials"
(including Cookies and HTTP Authentication data) should be sent with
requests.
developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
You need to add headers, from the server, to the response telling the browser that made the request that you'll trust other origin domains. That link reviews the process and the required headers. You add headers such as:
Access-Control-Allow-Origin "*";
Access-Control-Allow-Methods "GET, POST, PUT, OPTIONS, DELETE";
Access-Control-Allow-Headers "Authorization,Content-Type,Accept";
Access-Control-Allow-Credentials "true";
The first header tells the browser to allow cross server requests from your site's JS code. There are security concerns with this approach, which is why this is not allowed directly in the first place.
Rewriting URLs alone will not solve your problem. Rewrite can only rewrite local URLs, not URLs on other sites.
You may be looking for the concept of a "reverse proxy". That is, having your webserver grab content from another site and republish it dynamically on your own domain. Then your JavaScript could access this data without cross site problems.
Here is an article about setting up reverse proxy using IIS, URL Rewrite, and ARR.
You could also look into cross domain AJAX. It looks like JSONP or Access-Control-Allow-Origin could be good options for you.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.