Cross Domain GET Forwarding

Avatar of Chris Coyier
Chris Coyier on (Updated on )

When you do an AJAX request on a website, the URL you request from needs to reside on the same domain as where the request was made from. This is a security restriction imposed by the browser. There is a way to sneak around this by using a bit of a “man in the middle” approach.

PHP, being a server-side language, has the ability to pull content from any URL. So a PHP file can become the man in the middle. The contents of the PHP file can be set up to accept a URL as a parameter and then return the contents of that URL.


    echo file_get_contents($_GET['url']);
    // WARNING: You REALLY should write something to whitelist or otherwise limit what the function will accept, or it could be a security danger to your server (people could read any file).


With that in place, we can do an AJAX request directly to that URL, passing it the URL we actually want the data from as a parameter. See how we are passing “” as data below.

<script type='text/javascript' src=''></script>
<script type='text/javascript'>
    $(function() {
            type: "GET",
            dataType: 'html',
            data: 'url=',
            url: 'get.php',
            success: function(data){
                // Yah! Do something cool with data
            error: function(){
                // Boo! Handle the error.

This is an extremely simple example. If you are interested in a more robust version, check out the Simple PHP Proxy.