How to make working XHR cross domain request - I've tried 'Script Tag Hack' but it doesn't work or I'm doing something wrong. Any suggestions?
I would like to call script in domain A from B.
domain A: [index.html]
<head>
<script type="text/javascript" src="https://evilDomain/xhrTest.js"></script>
</head>
domain B: [xhrTest.js]
$.ajax({
url: "https://evilDomain/processRequest",
success: function(result){
alert(result);
}
});
edited:
I've also tried to use JSONP in this way:
$.ajax({
url: "https://evilDomain/processRequest",
dataType: "jsonp",
success: function(result){
alert(result);
}
});
I'm using TOMCAT container, is the solution connected with Access-Control-Allow-Origin header?
Usually, you would ask your server to do the request for you.
The other option is to let someone else do that for you (such as Yahoo's service).
Your problem is that domain B's code is still executed in the context of domain A.
Hence, https://evilDomain/processRequest still cannot be read because the code is executing as domain A even if in truth it came from domain B.