Problem With Cross Domain + Ajax

nnodejs

Aug 20, 2014, 2:45:21 PM
to nod...@googlegroups.com
Hi guys!

I have a problem using Ajax (client side) when I'm trying to make a request to another domain. I know that this is caused by cross domain, but I can't find any solution to fix it!
My app has to parse an HTML webpage to use some relevant information from it. So I use Ajax to get it.
Here is my code on the server; I'm using express.js:
/*
 * Module dependencies
 */

var express = require('express')
  , stylus = require('stylus')
  , nib = require('nib')
  , cors = require('express-cors')

//create the application
var app = express()

var allowCrossDomain = function(req,res,next){
  res.header("Access-Control-Allow-Origin", "*");
  res.header("Access-Control-Allow-Headers", "X-Requested-With");
  next();
}

//compile style css with stylus module
function compile(str, path) {
  return stylus(str)
    .set('filename', path)
    .use(nib());
}

app.set('views', __dirname + '/views')
app.set('view engine', 'jade')
app.use(express.logger('dev'))
app.use(allowCrossDomain);
app.use(stylus.middleware(
  { src: __dirname + '/public'
  , compile: compile
  }
))

app.use(express.static(__dirname + '/public'))
app.get('/', function (req, res) {
  res.render('index',
  { title : 'Home' }
  )
})

app.use(cors({
    allowedOrigins: [
        'google.es'
    ]
}))
//Server listening on port 3000
var server = app.listen(3000, function() {
    console.log('Listening on port %d', server.address().port);
});

And here is my request with Ajax:
$.ajax({
  type: 'GET',
  crossDomain: true,
  url: 'https://www.google.es/',
  dataType: "html",
  timeout: 5000,
  xhrFields: {
    withCredentials: true
  },
  success: function(data) {
    console.log(data);
  },
  error: function() { alert('Error!'); }
});

Also, I was trying to do this with other types of request, not only with Ajax, but they didn't work either.

Any suggestions, please? What's wrong?

Thanks!!

Aria Stewart

Aug 20, 2014, 5:38:09 PM
to nod...@googlegroups.com
On Aug 20, 2014, at 2:45 PM, nnodejs <gemr...@gmail.com> wrote:

Hi guys!

I have a problem using Ajax (client side) when I'm trying to make a request to another domain. I know that this is caused by cross domain, but I can't find any solution to fix it!
My app has to parse an HTML webpage to use some relevant information from it. So I use Ajax to get it.
Here is my code on the server; I'm using express.js:

[snip]


  res.header("Access-Control-Allow-Origin", "*");

[snip], client:

              xhrFields: {
                withCredentials: true
             },

The combination of these two isn't allowed: give a specific origin. * isn't allowed in combination with withCredentials.

Aria

nnodejs

Aug 21, 2014, 4:47:52 AM
to nod...@googlegroups.com
Thanks Aria !
But it's still not working... I have deleted the lines on the client side, and when I try it again, the problem with cross domain is still there.

What's happening?

Jimb Esser

Aug 21, 2014, 6:11:16 PM
to nod...@googlegroups.com
I think you might have some things backwards (or possibly your example confused me).  If you want a page on your site to do a cross-origin request to www.google.es,  then www.google.es's server needs to add the Access-Control-Allow-Origin: headers, not your site.  There's no way your server can add permissions to allow your webpage to access a 3rd party's site (otherwise it would be trivial to embed something in your page which, for example, reads all of the user's email and posts it back to your server).

Also, expanding on what Aria mentioned, in your example, google.es would need to explicitly add "Access-Control-Allow-Origin: your_actual_host.com", not "*" if you're logging in with credentials.

Hope that helps clear things up,
  Jimb
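
Added example (not part of the thread): a simplified model of the check a browser applies before page script may read a cross-origin XHR response, covering both points made in the replies above. The function name, the reason strings and the scenarios are constructed for illustration; real browsers also handle preflights, which this sketch leaves out.

```javascript
// Added example: simplified model of the browser's CORS check for a
// cross-origin XHR response. responseHeaders are the headers sent by the
// server being requested, never those of the site that served the page.
function corsAllowsRead(pageOrigin, withCredentials, responseHeaders) {
  const h = {};
  for (const [name, value] of Object.entries(responseHeaders)) {
    h[name.toLowerCase()] = value;
  }
  const allowOrigin = h['access-control-allow-origin'];
  if (allowOrigin === undefined) {
    return { ok: false, reason: 'no Access-Control-Allow-Origin header' };
  }
  if (!withCredentials) {
    const ok = allowOrigin === '*' || allowOrigin === pageOrigin;
    return { ok, reason: ok ? 'allowed' : 'origin mismatch' };
  }
  // Credentialed request: the wildcard is rejected, the origin must match
  // exactly, and Access-Control-Allow-Credentials must be "true".
  if (allowOrigin === '*') {
    return { ok: false, reason: 'wildcard not allowed with credentials' };
  }
  if (allowOrigin !== pageOrigin) {
    return { ok: false, reason: 'origin mismatch' };
  }
  if (h['access-control-allow-credentials'] !== 'true') {
    return { ok: false, reason: 'Access-Control-Allow-Credentials is not true' };
  }
  return { ok: true, reason: 'allowed' };
}

// Constructed scenarios for a page served from http://localhost:3000.
const page = 'http://localhost:3000';
const scenarios = [
  ['third party sends no CORS headers', false, {}],
  ['wildcard, withCredentials: true', true, { 'Access-Control-Allow-Origin': '*' }],
  ['wildcard, no credentials', false, { 'Access-Control-Allow-Origin': '*' }],
  ['exact origin + credentials flag', true, {
    'Access-Control-Allow-Origin': page,
    'Access-Control-Allow-Credentials': 'true',
  }],
];
for (const [label, creds, headers] of scenarios) {
  const verdict = corsAllowsRead(page, creds, headers);
  console.log(label + ': ' + (verdict.ok ? 'readable' : 'blocked, ' + verdict.reason));
}
```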

nnodejs

Aug 22, 2014, 4:21:26 AM
to nod...@googlegroups.com
Thanks a lot Jimb!

The problem is with my knowledge about cross-domain.... I probably haven't explained it correctly before. I'll try again :)

I want to build an app where users write something (example: "nodejs"), and with a request to a URL (example: "https://groups.google.com/forum/#!forum/nodejs") the users could see in my index.html some relevant info from https://groups.google.com/forum/#!forum/nodejs. So I have to parse this URL, but I don't know how; all the time I read this on my console:

XMLHttpRequest cannot load https://groups.google.com/forum/#!forum/nodejs. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:3000' is therefore not allowed access.


I want to learn to do it with express.
Any suggestions? I need it..

Thanks a lot!

Jimb Esser

Aug 22, 2014, 3:16:59 PM
to nod...@googlegroups.com
Yeah... you can't do that in a web browser - it would be insecure to allow your site to access the other URL (https://groups.google.com/forum/#!forum/nodejs) from their browser - otherwise I could make a website which, every time you visit it, it posts a message, as you, to this group, saying whatever I want!  You need explicit permission (in the form of the owner of the other website adding headers, or having (unrelated to CORS) an embeddable/iframe API to send secure messages to your part of the page) to allow your website to talk to it using your visitor's authentication.

You can do something *similar* on the server though - using something like the "request" module, you can have your server go and access the other URL (though, it would be authenticating as your server, not as whichever user is currently viewing your site, as there's no way for your site to get the private cookies for another website), and then pipe that data back to your clients as if it came from your site.  But if you want to get a user's personalized version of another 3rd party site, it's just not possible due to good security reasons.
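
Added example (not part of the thread): a sketch of the server-side fetch described in the last reply, using Node's built-in fetch (Node 18+) instead of the "request" module. The host allowlist, the `url` query parameter, the file name and the function names are assumptions made for this example.

```javascript
// Added example: the server fetches the third-party page as itself and
// relays it to the browser from the same origin, so no CORS check applies.
// Needs Node 18+ (global fetch); uses only built-in modules.
const http = require('http');

// Assumption: the hosts this app is meant to read. Without an allowlist,
// any visitor could make the server fetch arbitrary or internal URLs.
const ALLOWED_HOSTS = new Set(['groups.google.com', 'www.google.es']);

// Return a URL object if the request may be made, otherwise null.
function targetFor(rawUrl) {
  let url;
  try { url = new URL(rawUrl); } catch (err) { return null; }
  if (url.protocol !== 'https:' || url.port !== '') return null;
  if (url.username || url.password) return null;
  return ALLOWED_HOSTS.has(url.hostname) ? url : null;
}

// Only harmless headers go upstream; the visitor's Cookie and
// Authorization headers belong to this site and are never forwarded.
function outboundHeaders(clientHeaders) {
  const out = {};
  for (const name of ['accept', 'accept-language']) {
    if (clientHeaders[name]) out[name] = clientHeaders[name];
  }
  return out;
}

async function handler(req, res) {
  const query = new URL(req.url, 'http://localhost').searchParams;
  const target = targetFor(query.get('url'));
  if (!target) { res.writeHead(400); return res.end('URL not allowed'); }
  try {
    const upstream = await fetch(target, {
      headers: outboundHeaders(req.headers),
      redirect: 'error', // a redirect could leave the allowlist
      signal: AbortSignal.timeout(5000),
    });
    const body = await upstream.text();
    // text/plain: third-party markup must not render inside this origin.
    res.writeHead(upstream.status, { 'content-type': 'text/plain; charset=utf-8' });
    res.end(body);
  } catch (err) {
    res.writeHead(502);
    res.end('Upstream fetch failed');
  }
}

// Start with: node proxy.js serve   (then GET /?url=https://www.google.es/)
if (process.argv[2] === 'serve') http.createServer(handler).listen(3000);
```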