PHP Proxy Solution for cross-domain AJAX scripting

Troy 0 6K Views

This is a PHP script that allows javascript clients to request content they otherwise would not be able to. With the popularity of AJAX (using the XmlHttpRequest object in the browser), many developers are becoming aware of the cross-domain scripting limitation. This is a security feature that prevents client-side scripts from accessing content on domains other than the current website domain.

My PHP Proxy is the solution. Simply place this PHP script on your PHP-enabled webserver. Then have your javascript make cross-domain requests through the proxy. Simple, fast, elegant--a perfect solution.

PHP Proxy makes use of my class_http object. Details and code available at http://www.troywolf.com/articles. Full source for PHP Proxy is below.

<?php
//          FILE: proxy.php
//
// LAST MODIFIED: 2006-03-23
//
//        AUTHOR: Troy Wolf <troy@troywolf.com>
//
//   DESCRIPTION: Allow scripts to request content they otherwise may not be
//                able to. For example, AJAX (XmlHttpRequest) requests from a
//                client script are only allowed to make requests to the same
//                host that the script is served from. This is to prevent
//                "cross-domain" scripting. With proxy.php, the javascript
//                client can pass the requested URL in and get back the
//                response from the external server.
//
//         USAGE: "proxy_url" required parameter. For example:
//                http://www.mydomain.com/proxy.php?proxy_url=http://www.yahoo.com
//

// proxy.php requires Troy's class_http. http://www.troywolf.com/articles
// Alter the path according to your environment.
require_once("class_http.php");

$proxy_url = isset($_GET['proxy_url'])?$_GET['proxy_url']:false;
if (!$proxy_url) {
    header("HTTP/1.0 400 Bad Request");
    echo "proxy.php failed because proxy_url parameter is missing";
    exit();
}

// Instantiate the http object used to make the web requests.
// More info about this object at www.troywolf.com/articles
if (!$h = new http()) {
    header("HTTP/1.0 501 Script Error");
    echo "proxy.php failed trying to initialize the http object";
    exit();
}

$h->url = $proxy_url;
$h->postvars = $_POST;
if (!$h->fetch($h->url)) {
    header("HTTP/1.0 501 Script Error");
    echo "proxy.php had an error attempting to query the url";
    exit();
}

// Forward the headers to the client.
$ary_headers = split("\n", $h->header);
foreach($ary_headers as $hdr) { header($hdr); }

// Send the response body to the client.
echo $h->body;
?>
Member Avatar for method007
method007 0 Newbie Poster

Thanks for this code. i keep getting this error :


Cannot modify header information - headers already sent by


Warning: Cannot modify header information - headers already sent by (output started at /proxy/class_http.php:409) in /proxy/proxy.php on line 49

could u help me fix it.Thanks

Member Avatar for tedqn
tedqn 0 Newbie Poster

The instruction wasn't clear but I was able to figure it out. Make sure there're no extra lines below the end line.
?>

What you should do is:
1) create a file called proxy.php. Copy the code content above into that page.
2) create a file called class_http.php. Copy the code content for that file in this page.

modify the client side xmlhttp code, replace the direct url such as

xmlhttp.open("GET", "http://www.xyz.com/somexml.xml", true);

to

xmlhttp.open("GET", "http://www.yourdomain.com/proxy.php?proxy_url=www.xyz.com/somexml.xml", true);

Member Avatar for girish13
girish13 0 Newbie Poster

As a rule of thumb you cannot directly access the javascript from one domain to the other. However you can pass messages and data across which can then accordingly trigger events in the javascript.

One way is to the use a proxy in between the two domains and relay an AJAX request to the other domain through the proxy. A detailed article on it is on http://www.mabaloo.com/Web-Development/Pear-HTTP-Request-A-Cross-Domain-AJAX-focused-tutorial.html

Another way which does not involve a proxy but uses Iframes is by using the URL hash.
http://www.mabaloo.com/Web-Development/Cross-Domain-Message-Passing-using-Iframe.html

Member Avatar for falstaff
falstaff 0 Newbie Poster

Thanks, helped me... is there any easy solution to restrict this proxy for some urls only?

Member Avatar for soapguy
soapguy 0 Newbie Poster

IDEAS?

I use this proxy for SOAP calls from a javascript page, but my response should be XML and I get the HTML descriptor instead.

going through or using the proxy changes the response from the remote service. I sense that the proxy can't handle the XML response.

so using proxy response is HTML descriptor http://www.webservicex.net/stockquote.asmx

without proxy I get the desired XML
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<soap:Body>
<GetQuoteResponse xmlns="http://www.webserviceX.NET/">
<GetQuoteResult><![CDATA[<StockQuotes><Stock><Symbol>IBM</Symbol><Last>92.51</Last><Date>1/29/2009</Date><Time>4:01pm</Time><Change>-2.31</Change><Open>93.58</Open><High>94.58</High><Low>92.02</Low><Volume>9234105</Volume><MktCap>124.0B</MktCap><PreviousClose>94.82</PreviousClose><PercentageChange>-2.44%</PercentageChange><AnnRange>69.50 - 130.93</AnnRange><Earns>8.926</Earns><P-E>10.62</P-E><Name>INTL BUSINESS MAC</Name></Stock></StockQuotes>]]></GetQuoteResult>
</GetQuoteResponse>
</soap:Body>
</soap:Envelope>

Member Avatar for udelojf
udelojf 0 Newbie Poster

For some reason some text from the fields and text from the confirmation coming back from the proxy is being lost. I am struggling trying to make a captcha field send the proper data to the server but it cuts off the information being posted and the captcha doesnt match...can you help me?

Member Avatar for digital-ether
digital-ether 399 Nearly a Posting Virtuoso

If you're getting the error:

Cannot modify header information - headers already sent by

Add ob_start() to the beginning of the script.

Member Avatar for williamsimpson
williamsimpson 0 Newbie Poster

proxy.php failed because proxy_url parameter is missing


how do i fix?

Edited by williamsimpson because: n/a
Member Avatar for tompk
tompk 0 Newbie Poster

Hi,

someone recommended to me to just use

<?php
$content= file_get_contents('http://www.domain.com');
echo $content;
?>

in order to get the content of that domain. That's quite a bit simpler than what is suggested here. Is there any problem with this solution??

Member Avatar for ractour
ractour 0 Newbie Poster

Hi, i try to use the proxy with:"http://www.mydomain.org/php/proxy.php?proxy_url=http://www.google.com/search?q=hello+world" and it doesn't work, but if i try with :"http://www. mydomain.org/php/proxy.php?proxy_url=http://www.google.com/search?q=hello" its all right.

Some body can help me?
thanks

Edited by ractour because: n/a
Member Avatar for umakantp
umakantp 0 Newbie Poster

This is good but i have found one more solution for cross domain
ajax which is done using just javascript
<snipped>

Edited by nav33n because: Website snipped. Do not spam, advertise, plug your website, or engage in any other type of self promotion. Read forum rules.
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

Edit Preview