PHP Proxy Solution for cross-domain AJAX scripting

Troy 0 Tallied Votes 6K Views Share

This is a PHP script that allows javascript clients to request content they otherwise would not be able to. With the popularity of AJAX (using the XmlHttpRequest object in the browser), many developers are becoming aware of the cross-domain scripting limitation. This is a security feature that prevents client-side scripts from accessing content on domains other than the current website domain.

My PHP Proxy is the solution. Simply place this PHP script on your PHP-enabled webserver. Then have your javascript make cross-domain requests through the proxy. Simple, fast, elegant--a perfect solution.

PHP Proxy makes use of my class_http object. Details and code available at Full source for PHP Proxy is below.

//          FILE: proxy.php
// LAST MODIFIED: 2006-03-23
//        AUTHOR: Troy Wolf <>
//   DESCRIPTION: Allow scripts to request content they otherwise may not be
//                able to. For example, AJAX (XmlHttpRequest) requests from a
//                client script are only allowed to make requests to the same
//                host that the script is served from. This is to prevent
//                "cross-domain" scripting. With proxy.php, the javascript
//                client can pass the requested URL in and get back the
//                response from the external server.
//         USAGE: "proxy_url" required parameter. For example:

// proxy.php requires Troy's class_http.
// Alter the path according to your environment.

$proxy_url = isset($_GET['proxy_url'])?$_GET['proxy_url']:false;
if (!$proxy_url) {
    header("HTTP/1.0 400 Bad Request");
    echo "proxy.php failed because proxy_url parameter is missing";

// Instantiate the http object used to make the web requests.
// More info about this object at
if (!$h = new http()) {
    header("HTTP/1.0 501 Script Error");
    echo "proxy.php failed trying to initialize the http object";

$h->url = $proxy_url;
$h->postvars = $_POST;
if (!$h->fetch($h->url)) {
    header("HTTP/1.0 501 Script Error");
    echo "proxy.php had an error attempting to query the url";

// Forward the headers to the client.
$ary_headers = split("\n", $h->header);
foreach($ary_headers as $hdr) { header($hdr); }

// Send the response body to the client.
echo $h->body;
method007 0 Newbie Poster

Thanks for this code. i keep getting this error :

Cannot modify header information - headers already sent by

Warning: Cannot modify header information - headers already sent by (output started at /proxy/class_http.php:409) in /proxy/proxy.php on line 49

could u help me fix it.Thanks

tedqn 0 Newbie Poster

The instruction wasn't clear but I was able to figure it out. Make sure there're no extra lines below the end line.

What you should do is:
1) create a file called proxy.php. Copy the code content above into that page.
2) create a file called class_http.php. Copy the code content for that file in this page.

modify the client side xmlhttp code, replace the direct url such as"GET", "", true);

to"GET", "", true);

girish13 0 Newbie Poster

As a rule of thumb you cannot directly access the javascript from one domain to the other. However you can pass messages and data across which can then accordingly trigger events in the javascript.

One way is to the use a proxy in between the two domains and relay an AJAX request to the other domain through the proxy. A detailed article on it is on

Another way which does not involve a proxy but uses Iframes is by using the URL hash.

falstaff 0 Newbie Poster

Thanks, helped me... is there any easy solution to restrict this proxy for some urls only?

soapguy 0 Newbie Poster


I use this proxy for SOAP calls from a javascript page, but my response should be XML and I get the HTML descriptor instead.

going through or using the proxy changes the response from the remote service. I sense that the proxy can't handle the XML response.

so using proxy response is HTML descriptor

without proxy I get the desired XML
<soap:Envelope xmlns:soap="" xmlns:xsi="" xmlns:xsd="">
<GetQuoteResponse xmlns="http://www.webserviceX.NET/">
<GetQuoteResult><![CDATA[<StockQuotes><Stock><Symbol>IBM</Symbol><Last>92.51</Last><Date>1/29/2009</Date><Time>4:01pm</Time><Change>-2.31</Change><Open>93.58</Open><High>94.58</High><Low>92.02</Low><Volume>9234105</Volume><MktCap>124.0B</MktCap><PreviousClose>94.82</PreviousClose><PercentageChange>-2.44%</PercentageChange><AnnRange>69.50 - 130.93</AnnRange><Earns>8.926</Earns><P-E>10.62</P-E><Name>INTL BUSINESS MAC</Name></Stock></StockQuotes>]]></GetQuoteResult>

udelojf 0 Newbie Poster

For some reason some text from the fields and text from the confirmation coming back from the proxy is being lost. I am struggling trying to make a captcha field send the proper data to the server but it cuts off the information being posted and the captcha doesnt match...can you help me?

digital-ether 399 Nearly a Posting Virtuoso Team Colleague

If you're getting the error:

Cannot modify header information - headers already sent by

Add ob_start() to the beginning of the script.

williamsimpson 0 Newbie Poster

proxy.php failed because proxy_url parameter is missing

how do i fix?

tompk 0 Newbie Poster


someone recommended to me to just use

$content= file_get_contents('');
echo $content;

in order to get the content of that domain. That's quite a bit simpler than what is suggested here. Is there any problem with this solution??

ractour 0 Newbie Poster

Hi, i try to use the proxy with:"" and it doesn't work, but if i try with :"http://www." its all right.

Some body can help me?

umakantp 0 Newbie Poster

This is good but i have found one more solution for cross domain
ajax which is done using just javascript

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.