DaniWeb Forum Index > Web Development > PHP

PHP Proxy Solution for cross-domain AJAX scripting

Please support our PHP advertiser: PostgreSQL or MySQL? Compare and contrast the two most popular open source databases

Troy

Offline May 23rd, 2006, 4:51 pm |

This is a PHP script that allows javascript clients to request content they otherwise would not be able to. With the popularity of AJAX (using the XmlHttpRequest object in the browser), many developers are becoming aware of the cross-domain scripting limitation. This is a security feature that prevents client-side scripts from accessing content on domains other than the current website domain.

My PHP Proxy is the solution. Simply place this PHP script on your PHP-enabled webserver. Then have your javascript make cross-domain requests through the proxy. Simple, fast, elegant--a perfect solution.

PHP Proxy makes use of my class_http object. Details and code available at http://www.troywolf.com/articles. Full source for PHP Proxy is below.

Show Printable Version

Code Snippet

•

PHP Syntax

Toggle Plain Text

<?php
//          FILE: proxy.php
//
// LAST MODIFIED: 2006-03-23
//
//        AUTHOR: Troy Wolf <troy@troywolf.com>
//
//   DESCRIPTION: Allow scripts to request content they otherwise may not be
//                able to. For example, AJAX (XmlHttpRequest) requests from a
//                client script are only allowed to make requests to the same
//                host that the script is served from. This is to prevent
//                "cross-domain" scripting. With proxy.php, the javascript
//                client can pass the requested URL in and get back the
//                response from the external server.
//
//         USAGE: "proxy_url" required parameter. For example:
//                http://www.mydomain.com/proxy.php?proxy_url=http://www.yahoo.com
//
 
// proxy.php requires Troy's class_http. http://www.troywolf.com/articles
// Alter the path according to your environment.
require_once("class_http.php");
 
$proxy_url = isset($_GET['proxy_url'])?$_GET['proxy_url']:false;
if (!$proxy_url) {
    header("HTTP/1.0 400 Bad Request");
    echo "proxy.php failed because proxy_url parameter is missing";
    exit();
}
 
// Instantiate the http object used to make the web requests.
// More info about this object at www.troywolf.com/articles
if (!$h = new http()) {
    header("HTTP/1.0 501 Script Error");
    echo "proxy.php failed trying to initialize the http object";
    exit();
}
 
$h->url = $proxy_url;
$h->postvars = $_POST;
if (!$h->fetch($h->url)) {
    header("HTTP/1.0 501 Script Error");
    echo "proxy.php had an error attempting to query the url";
    exit();
}
 
// Forward the headers to the client.
$ary_headers = split("\n", $h->header);
foreach($ary_headers as $hdr) { header($hdr); }
 
// Send the response body to the client.
echo $h->body;
?>

Code Snippet Comments

method007

Offline | Feb 16th, 2007

•

Thanks for this code. i keep getting this error :

Cannot modify header information - headers already sent by

Warning: Cannot modify header information - headers already sent by (output started at /proxy/class_http.php:409) in /proxy/proxy.php on line 49

could u help me fix it.Thanks

tedqn

Offline | Sep 19th, 2007

•

The instruction wasn't clear but I was able to figure it out. Make sure there're no extra lines below the end line.
?>

What you should do is:
1) create a file called proxy.php. Copy the code content above into that page.
2) create a file called class_http.php. Copy the code content for that file in this page.

modify the client side xmlhttp code, replace the direct url such as

xmlhttp.open("GET", "http://www.xyz.com/somexml.xml", true);

to

xmlhttp.open("GET", "http://www.yourdomain.com/proxy.php?proxy_url=www.xyz.com/somexml.xml", true);

girish13

Offline | May 3rd, 2008

•

As a rule of thumb you cannot directly access the javascript from one domain to the other. However you can pass messages and data across which can then accordingly trigger events in the javascript.

One way is to the use a proxy in between the two domains and relay an AJAX request to the other domain through the proxy. A detailed article on it is on http://www.mabaloo.com/Web-Developme...-tutorial.html

Another way which does not involve a proxy but uses Iframes is by using the URL hash.
http://www.mabaloo.com/Web-Developme...ng-Iframe.html

falstaff

Offline | Jul 23rd, 2008

•

Thanks, helped me... is there any easy solution to restrict this proxy for some urls only?

soapguy

Offline | Jan 29th, 2009

•

IDEAS?

I use this proxy for SOAP calls from a javascript page, but my response should be XML and I get the HTML descriptor instead.

going through or using the proxy changes the response from the remote service. I sense that the proxy can't handle the XML response.

so using proxy response is HTML descriptor http://www.webservicex.net/stockquote.asmx

without proxy I get the desired XML
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<soap:Body>
<GetQuoteResponse xmlns="http://www.webserviceX.NET/">
<GetQuoteResult><![CDATA[<StockQuotes><Stock><Symbol>IBM</Symbol><Last>92.51</Last><Date>1/29/2009</Date><Time>4:01pm</Time><Change>-2.31</Change><Open>93.58</Open><High>94.58</High><Low>92.02</Low><Volume>9234105</Volume><MktCap>124.0B</MktCap><PreviousClose>94.82</PreviousClose><PercentageChange>-2.44%</PercentageChange><AnnRange>69.50 - 130.93</AnnRange><Earns>8.926</Earns><P-E>10.62</P-E><Name>INTL BUSINESS MAC</Name></Stock></StockQuotes>]]></GetQuoteResult>
</GetQuoteResponse>
</soap:Body>
</soap:Envelope>