mouseywings Posted October 21, 2014 Share Posted October 21, 2014 I want to know how to hit a webpage that is not on your domain. I am doing an AJAX request right now, but receiving the following error in my console: XMLHttpRequest cannot load https://bpb.opendns.com/a/www.playboy.com. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://filter.localhost' is therefore not allowed access. The site I'm trying to hit does this weird cookie thing. I already spoke with their web administrator and he said the first time they access that site, it sets the cookie so they have to refresh in order to see if they can bypass a webpage they are trying to access.. I'm not sure if there is anyway to go about doing this since I can't go the AJAX route. But I don't have the capability of refreshing the user once they go on that page since it's not under my server or whatever. The only thing I could think of was AJAX which is not an option now. <?php include('scripts/config.php'); //Declare Variables $filter = new Filter(); $byPasscode = $filter->getBypassCode(); $openDns = "https://bpb.opendns.com/a/" . $_GET['url']; echo 'Redirecting...'; ?> <html> <head></head> <body> <form method="post" name="bypassForm" id="bypassForm" action="<?php echo $openDns ?>" style="display:none"> <input type="text" size="15" name="textBypassCode" id="textBypassCode" autocomplete="off" value="<?php echo $byPasscode; ?>" /> <input type="password" size="15" name="passwordBypassCode" id="passwordBypassCode" style="display:none;" value="<?php echo $byPasscode; ?>" /> <input type="hidden" name="code" id="bypassCode" value="<?php echo $byPasscode; ?>" /> <input type="submit" value="Continue" /> </form> <script src="//ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js"></script> <script type="text/javascript"> //setTimeout(function(){ var textBypassCode = $('#textBypassCode').val(); var passwordBypassCode = $('#passwordBypassCode').val(); var bypassCode = $('#bypassCode').val(); $.ajax({ type: 'POST', url: $('#bypassForm').attr('action'), data: { textBypassCode: textBypassCode, passwordBypassCode: passwordBypassCode, bypassCode: bypassCode } }) .done(function(data) { //$('#bypassForm').submit(); }); //}, 3000); </script> </body> </html> Up above you can see my code. Thanks for any other options that you may think of. Quote Link to comment https://forums.phpfreaks.com/topic/291962-hit-page-without-actually-going-to-page-thats-not-on-your-domain/ Share on other sites More sharing options...
darkfreaks Posted October 21, 2014 Share Posted October 21, 2014 f I understood it right you are doing an XMLHttpRequest to a different domain than your page is on. So the browser is blocking it as it usually allows a request in the same origin for security reasons. Regular web pages can use the XMLHttpRequest object to send and receive data from remote servers, but they're limited by the same origin policy. Extensions aren't so limited. An extension can talk to remote servers outside of its origin, as long as it first requests cross-origin permissions. example of how to do an offsite request using CORS: http://www.html5rocks.com/en/tutorials/cors/ Quote Link to comment https://forums.phpfreaks.com/topic/291962-hit-page-without-actually-going-to-page-thats-not-on-your-domain/#findComment-1494312 Share on other sites More sharing options...
mouseywings Posted October 21, 2014 Author Share Posted October 21, 2014 The thing is is that they aren't going to add headers on their side just for our website.. I looked into that, but both parties need to be in communication. Quote Link to comment https://forums.phpfreaks.com/topic/291962-hit-page-without-actually-going-to-page-thats-not-on-your-domain/#findComment-1494319 Share on other sites More sharing options...
darkfreaks Posted October 21, 2014 Share Posted October 21, 2014 have you tried adding the header? response.addHeader("Access-Control-Allow-Origin","*"); // allows all domains Quote Link to comment https://forums.phpfreaks.com/topic/291962-hit-page-without-actually-going-to-page-thats-not-on-your-domain/#findComment-1494322 Share on other sites More sharing options...
mouseywings Posted October 21, 2014 Author Share Posted October 21, 2014 Don't you have to add that to the domain you are trying to reach? It's apart of their domain. I would never be able to get them to look into the code or whatever because it's a huge company. Quote Link to comment https://forums.phpfreaks.com/topic/291962-hit-page-without-actually-going-to-page-thats-not-on-your-domain/#findComment-1494324 Share on other sites More sharing options...
kicken Posted October 21, 2014 Share Posted October 21, 2014 You cannot use XMLHttpRequest (Ajax) to contact an external website without their cooperation. Either they need to allow it by setting the appropriate headers or they need to provide an alternative such as JSONP. What you can do is proxy the request via your server by using PHP and cURL to contact the other site then having your Ajax code communicate with your PHP script instead of the other site directly. Quote Link to comment https://forums.phpfreaks.com/topic/291962-hit-page-without-actually-going-to-page-thats-not-on-your-domain/#findComment-1494334 Share on other sites More sharing options...
mouseywings Posted October 21, 2014 Author Share Posted October 21, 2014 Will CURL allow me to hit their webpage without them having to set out any headers? Quote Link to comment https://forums.phpfreaks.com/topic/291962-hit-page-without-actually-going-to-page-thats-not-on-your-domain/#findComment-1494343 Share on other sites More sharing options...
mouseywings Posted October 22, 2014 Author Share Posted October 22, 2014 You cannot use XMLHttpRequest (Ajax) to contact an external website without their cooperation. Either they need to allow it by setting the appropriate headers or they need to provide an alternative such as JSONP. What you can do is proxy the request via your server by using PHP and cURL to contact the other site then having your Ajax code communicate with your PHP script instead of the other site directly. I'm trying to do my research, but I can't see if cURL allows you to access that domain without them changing their headers and accepting our domain to talk to theirs. I didn't know if you knew if you could do it without them having to issue something.. or if there was a nice tutorial on how to go about doing this. Quote Link to comment https://forums.phpfreaks.com/topic/291962-hit-page-without-actually-going-to-page-thats-not-on-your-domain/#findComment-1494369 Share on other sites More sharing options...
CroNiX Posted October 22, 2014 Share Posted October 22, 2014 A CURL request is basically a normal web request, so the site will send whatever headers it normally sends as if you were visiting the site in your browser. Nothing special needs to be sent on their end like you do with the Access-Control-Allow-Origin using AJAX for cross-site requests. Quote Link to comment https://forums.phpfreaks.com/topic/291962-hit-page-without-actually-going-to-page-thats-not-on-your-domain/#findComment-1494396 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.