Hit page without actually going to page that's NOT on your domain?

[mouseywings]

I want to know how to hit a webpage that is not on your domain. I am doing an AJAX request right now, but receiving the following error in my console:

 

 

XMLHttpRequest cannot load https://bpb.opendns.com/a/www.playboy.com. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://filter.localhost' is therefore not allowed access. 

 

The site I'm trying to hit does this weird cookie thing. I already spoke with their web administrator and he said the first time they access that site, it sets the cookie so they have to refresh in order to see if they can bypass a webpage they are trying to access..

 

I'm not sure if there is anyway to go about doing this since I can't go the AJAX route. But I don't have the capability of refreshing the user once they go on that page since it's not under my server or whatever. The only thing I could think of was AJAX which is not an option now.

<?php include('scripts/config.php');

//Declare Variables
$filter = new Filter();
$byPasscode = $filter->getBypassCode();
$openDns = "https://bpb.opendns.com/a/" . $_GET['url'];

echo 'Redirecting...';

?>

<html>
<head></head>
<body>
	<form method="post" name="bypassForm" id="bypassForm" action="<?php echo $openDns ?>" style="display:none">
		<input type="text" size="15" name="textBypassCode" id="textBypassCode" autocomplete="off" value="<?php echo $byPasscode; ?>" />
		<input type="password" size="15" name="passwordBypassCode" id="passwordBypassCode" style="display:none;" value="<?php echo $byPasscode; ?>" />
		<input type="hidden" name="code" id="bypassCode" value="<?php echo $byPasscode; ?>" />

		<input type="submit" value="Continue" />
	</form>

	<script src="//ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js"></script>
	<script type="text/javascript">
		//setTimeout(function(){
			var textBypassCode = $('#textBypassCode').val();
			var passwordBypassCode = $('#passwordBypassCode').val();
			var bypassCode = $('#bypassCode').val();

			$.ajax({
				type: 'POST',
				url: $('#bypassForm').attr('action'),
				data: { textBypassCode: textBypassCode, passwordBypassCode: passwordBypassCode, bypassCode: bypassCode }
			})
			.done(function(data) {
				//$('#bypassForm').submit();
			});
		//}, 3000);
	</script>
</body>
</html>
		
		

Up above you can see my code. Thanks for any other options that you may think of.

[darkfreaks]

 

f I understood it right you are doing an XMLHttpRequest to a different domain than your page is on. So the browser is blocking it as it usually allows a request in the same origin for security reasons.

 

Regular web pages can use the XMLHttpRequest object to send and receive data from remote servers, but they're limited by the same origin policy. Extensions aren't so limited. An extension can talk to remote servers outside of its origin, as long as it first requests cross-origin permissions.

 

example of how to do an offsite request using CORS: http://www.html5rocks.com/en/tutorials/cors/

[mouseywings]

The thing is is that they aren't going to add headers on their side just for our website.. I looked into that, but both parties need to be in communication.

[darkfreaks]

have you tried adding the header?

response.addHeader("Access-Control-Allow-Origin","*"); // allows all domains

[mouseywings]

Don't you have to add that to the domain you are trying to reach? It's apart of their domain. I would never be able to get them to look into the code or whatever because it's a huge company.

[kicken]

You cannot use XMLHttpRequest (Ajax) to contact an external website without their cooperation. Either they need to allow it by setting the appropriate headers or they need to provide an alternative such as JSONP.

 

What you can do is proxy the request via your server by using PHP and cURL to contact the other site then having your Ajax code communicate with your PHP script instead of the other site directly.

[mouseywings]

Will CURL allow me to hit their webpage without them having to set out any headers?

[mouseywings]

You cannot use XMLHttpRequest (Ajax) to contact an external website without their cooperation. Either they need to allow it by setting the appropriate headers or they need to provide an alternative such as JSONP.

 

What you can do is proxy the request via your server by using PHP and cURL to contact the other site then having your Ajax code communicate with your PHP script instead of the other site directly.

 

I'm trying to do my research, but I can't see if cURL allows you to access that domain without them changing their headers and accepting our domain to talk to theirs. I didn't know if you knew if you could do it without them having to issue something.. or if there was a nice tutorial on how to go about doing this.

[CroNiX]

A CURL request is basically a normal web request, so the site will send whatever headers it normally sends as if you were visiting the site in your browser. Nothing special needs to be sent on their end like you do with the Access-Control-Allow-Origin using AJAX for cross-site requests.