Apache Setting On XMLHttpRequest Cross-Domain Issue

Thursday, June 19, 2008

You may all know that XMLHttpRequest does not work automatically across domain. Which means that when you load a page, you can't make a request to a domain that is different from that page's domain. So your script on myserverhere.com can't request object to myserverthere.com, for example.

But there's always a cure for everything, and here we have the solution on Apache's mod_rewrite, this is a module that uses a rule-based rewriting engine, we usually used it to make a clean URL, to rewrite requested URLs on the fly, it's basically a regex parser.

Cross domain request happens if you have a code like this on myserverhere.com

var XMLHttp = getXMLHttp();
XMLHttp.open("POST", "http://myserverthere.com/something.php?value="+somevalue);

We run this script on myserverhere.com, but we make a post request to myserverthere.com. The domain mismatch is the cause of the problem.

IE and Mozilla-based browser have different way of handling this cross-domain requests. In IE, you can do cross-domain request, but you have to change browser's default security. While Mozilla, they have this signed-script. You must enable the UniversalBrowser privileges depending on the different domains involved in the cross-domain request. Therefore, there are no simple browser-based solution for this problem.

Fortunately, mod_rewrite has solution for this, with its RewriteRule directive. Here are the quick steps:

1. Configure your apache with proxy enabled
./configure --enable-proxy
2. Enable RewriteEngine at httpd.conf
RewriteEngine On
3. Add this rule:
RewriteRule ^/something.php$ http://myserverthere.com/something.php [P] The [P] indicates pass-through proxy.

With that, instead of sending request to http://myserverthere.com/something.php you can use /something.php URL in the javascript code, like this:
var XMLHttp = getXMLHttp();
XMLHttp.open("POST", "/something.php?value="+somevalue);
There is one problem though. You HAVE to have access to your Apache configuration. If you're a programmer that doesn't have access to Apache, you'll have to tell your webserver administrator about this hack.

Hope this helps.

Bookmark and Share

Posted by codeAway at 8:51 AM  

Labels: , , , ,

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)