When you do an AJAX request on a website, the URL you request from needs to reside on the same domain as where the request was made from. This is a security restriction imposed by the browser. There is a way to sneak around this by using a bit of a “man in the middle” approach.
PHP, being a server-side language, has the ability to pull content from any URL. So a PHP file can become the man in the middle. The contents of the PHP file can be set up to accept a URL as a parameter and then return the contents of that URL.
<?php echo file_get_contents($_GET['url']); // WARNING: You REALLY should write something to whitelist or otherwise limit what the function will accept, or it could be a security danger to your server (people could read any file). ?>
With that in place, we can do an AJAX request directly to that URL, passing it the URL we actually want the data from as a parameter. See how we are passing “http://google.com” as data below.
This is an extremely simple example. If you are interested in a more robust version, check out the Simple PHP Proxy.
Fine, until someone exploits it to read any file on your hard drive and find loopholes pretty quickly.
This is a major flaw, and this snippet should be removed.
James Padolsey made a cool Cross Domain AJAX Mod for jQuery. It uses YQL, which allows us to make cross domain GET Requests.