Cross Domain GET Forwarding

Avatar of Chris Coyier
Chris Coyier on (Updated on )

When you do an AJAX request on a website, the URL you request from needs to reside on the same domain as where the request was made from. This is a security restriction imposed by the browser. There is a way to sneak around this by using a bit of a “man in the middle” approach.

PHP, being a server-side language, has the ability to pull content from any URL. So a PHP file can become the man in the middle. The contents of the PHP file can be set up to accept a URL as a parameter and then return the contents of that URL.

<?php

    echo file_get_contents($_GET['url']);
    // WARNING: You REALLY should write something to whitelist or otherwise limit what the function will accept, or it could be a security danger to your server (people could read any file).

?>

With that in place, we can do an AJAX request directly to that URL, passing it the URL we actually want the data from as a parameter. See how we are passing “http://google.com” as data below.

<script type='text/javascript' src='http://ajax.googleapis.com/ajax/libs/jquery/1.4/jquery.min.js?ver=1.3.2'></script>
<script type='text/javascript'>
    $(function() {
       $.ajax({
            type: "GET",
            dataType: 'html',
            data: 'url=http://google.com',
            url: 'get.php',
            success: function(data){
                // Yah! Do something cool with data
            },
            error: function(){
                // Boo! Handle the error.
            }
        }); 
    });
</script>

This is an extremely simple example. If you are interested in a more robust version, check out the Simple PHP Proxy.