This is a PHP script that allows javascript clients to request content they otherwise would not be able to. With the popularity of AJAX (using the XmlHttpRequest object in the browser), many developers are becoming aware of the cross-domain scripting limitation. This is a security feature that prevents client-side scripts from accessing content on domains other than the current website domain.

My PHP Proxy is the solution. Simply place this PHP script on your PHP-enabled webserver. Then have your javascript make cross-domain requests through the proxy. Simple, fast, elegant--a perfect solution.

PHP Proxy makes use of my class_http object. Details and code available at http://www.troywolf.com/articles. Full source for PHP Proxy is below.

<?php
//          FILE: proxy.php
// LAST MODIFIED: 2006-03-23
//        AUTHOR: Troy Wolf <troy@troywolf.com>
//   DESCRIPTION: Allow scripts to request content they otherwise may not be
//                able to. For example, AJAX (XmlHttpRequest) requests from a
//                client script are only allowed to make requests to the same
//                host that the script is served from. This is to prevent
//                "cross-domain" scripting. With proxy.php, the javascript
//                client can pass the requested URL in and get back the
//                response from the external server.
//         USAGE: "proxy_url" required parameter. For example:
//                http://www.mydomain.com/proxy.php?proxy_url=http://www.yahoo.com

// proxy.php requires Troy's class_http. http://www.troywolf.com/articles
// Alter the path according to your environment.
require_once("class_http.php");

// Stop with a 400 if the caller did not say which URL to fetch.
$proxy_url = isset($_GET['proxy_url'])?$_GET['proxy_url']:false;
if (!$proxy_url) {
    header("HTTP/1.0 400 Bad Request");
    echo "proxy.php failed because proxy_url parameter is missing";
    exit();
}

// Instantiate the http object used to make the web requests.
// More info about this object at www.troywolf.com/articles
if (!$h = new http()) {
    header("HTTP/1.0 501 Script Error");
    echo "proxy.php failed trying to initialize the http object";
    exit();
}

// Fetch the requested URL, passing along any POST variables.
$h->url = $proxy_url;
$h->postvars = $_POST;
if (!$h->fetch($h->url)) {
    header("HTTP/1.0 501 Script Error");
    echo "proxy.php had an error attempting to query the url";
    exit();
}

// Forward the headers to the client.
// explode() replaces split(), which was removed in PHP 7.
$ary_headers = explode("\n", $h->header);
foreach($ary_headers as $hdr) {
    // Strip the trailing "\r" and skip blank lines; header() rejects both.
    $hdr = trim($hdr);
    if ($hdr !== '') { header($hdr); }
}

// Send the response body to the client.
echo $h->body;

Thanks for this code. I keep getting this error:

Cannot modify header information - headers already sent by

Warning: Cannot modify header information - headers already sent by (output started at /proxy/class_http.php:409) in /proxy/proxy.php on line 49

Could you help me fix it? Thanks


The instruction wasn't clear but I was able to figure it out. Make sure there're no extra lines below the end line.

What you should do is:
1) create a file called proxy.php. Copy the code content above into that page.
2) create a file called class_http.php. Copy the code content for that file in this page.

Modify the client-side xmlhttp code: replace the direct URL such as

xmlhttp.open("GET", "http://www.xyz.com/somexml.xml", true);

with

xmlhttp.open("GET", "http://www.yourdomain.com/proxy.php?proxy_url=www.xyz.com/somexml.xml", true);


As a rule of thumb you cannot directly access the javascript from one domain to the other. However you can pass messages and data across which can then accordingly trigger events in the javascript.

One way is to use a proxy in between the two domains and relay an AJAX request to the other domain through the proxy. A detailed article on it is on http://www.mabaloo.com/Web-Development/Pear-HTTP-Request-A-Cross-Domain-AJAX-focused-tutorial.html

Another way which does not involve a proxy but uses Iframes is by using the URL hash.


Thanks, helped me... is there any easy solution to restrict this proxy for some urls only?
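
One way to restrict the proxy to certain URLs, shown as an added example that is not part of the original thread or of Troy Wolf's script. The function name proxy_url_allowed() and the host names in $ALLOWED_HOSTS are assumptions; without such a check, proxy.php fetches any URL a visitor supplies, including addresses only reachable from inside your network.

```php
<?php
// Added example: restrict proxy.php to an allowlist of upstream hosts.
// proxy_url_allowed() and the host names below are hypothetical.
$ALLOWED_HOSTS = array('www.xyz.com', 'api.example.org'); // constructed sample values

function proxy_url_allowed($url, array $allowed_hosts) {
    // Reject control characters and whitespace so the value cannot carry
    // extra header lines or a second URL into the outgoing request.
    if (!is_string($url) || preg_match('/[\x00-\x20\x7f]/', $url)) {
        return false;
    }
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;                  // relative, scheme-less or malformed URL
    }
    // Only plain web schemes: no file://, ftp://, php:// and so on.
    if (!in_array(strtolower($parts['scheme']), array('http', 'https'), true)) {
        return false;
    }
    // user:pass@host forms can disguise which host is really contacted.
    if (isset($parts['user']) || isset($parts['pass'])) {
        return false;
    }
    // Default web ports only, so the proxy cannot reach other services.
    if (isset($parts['port']) && !in_array($parts['port'], array(80, 443), true)) {
        return false;
    }
    // Exact, case-insensitive host match; no suffix or substring matching.
    $host = strtolower(rtrim($parts['host'], '.'));
    return in_array($host, $allowed_hosts, true);
}

// In proxy.php this replaces the "proxy_url parameter is missing" check.
$proxy_url = isset($_GET['proxy_url']) ? $_GET['proxy_url'] : false;
if (!$proxy_url || !proxy_url_allowed($proxy_url, $ALLOWED_HOSTS)) {
    header("HTTP/1.0 403 Forbidden");
    echo "proxy.php refused: proxy_url is not on the allow list";
    exit();
}
```

The check covers only the URL passed in. If the HTTP client follows redirects, each redirect target needs the same check.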



I use this proxy for SOAP calls from a javascript page, but my response should be XML and I get the HTML descriptor instead.

Going through or using the proxy changes the response from the remote service. I sense that the proxy can't handle the XML response.

So using proxy response is HTML descriptor http://www.webservicex.net/stockquote.asmx

without proxy I get the desired XML
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<GetQuoteResponse xmlns="http://www.webserviceX.NET/">
<GetQuoteResult><![CDATA[<StockQuotes><Stock><Symbol>IBM</Symbol><Last>92.51</Last><Date>1/29/2009</Date><Time>4:01pm</Time><Change>-2.31</Change><Open>93.58</Open><High>94.58</High><Low>92.02</Low><Volume>9234105</Volume><MktCap>124.0B</MktCap><PreviousClose>94.82</PreviousClose><PercentageChange>-2.44%</PercentageChange><AnnRange>69.50 - 130.93</AnnRange><Earns>8.926</Earns><P-E>10.62</P-E><Name>INTL BUSINESS MAC</Name></Stock></StockQuotes>]]></GetQuoteResult>


For some reason some text from the fields and text from the confirmation coming back from the proxy is being lost. I am struggling trying to make a captcha field send the proper data to the server but it cuts off the information being posted and the captcha doesn't match... Can you help me?


If you're getting the error:

Cannot modify header information - headers already sent by

Add ob_start() to the beginning of the script.


proxy.php failed because proxy_url parameter is missing

How do I fix?




Someone recommended to me to just use

$content= file_get_contents('http://www.domain.com');
echo $content;

in order to get the content of that domain. That's quite a bit simpler than what is suggested here. Is there any problem with this solution??


This is good but I have found one more solution for cross domain ajax which is done using just javascript

Edited by nav33n: Website snipped. Do not spam, advertise, plug your website, or engage in any other type of self promotion. Read forum rules.
