  1. Why do some cross-domain JSON-requests fail but others don't?
<p>I have a little trouble understanding the security bit around JSON, because often things that in theory should not work, seemingly do. AFAIK, calls from a script on a page that resides on domain A are not supposed to be able to receive data from a domain B. But in the code below the calls to one external domain fail, whereas another goes through. And neither one is a packed JSON call (jsonp).</p>
<p>Why is this? Should not both be disallowed from getting through the browser security checks? I get the same results in Chrome and Firefox. If I host the below html-page on dropbox.com, Chrome gives me this error message:</p>
<blockquote>
<p>XMLHttpRequest cannot load <a href="http://www.odinfond.no/rest/fund/calc/fundReturn?&amp;id=300&amp;oneTimeInvestment=100000&amp;oneTimeInvestmentDate=2009-11-01&amp;endDate=2010-11-01&amp;currency=NOK" rel="nofollow">http://www.odinfond.no/rest/fund/calc/fundReturn?&amp;id=300&amp;oneTimeInvestment=100000&amp;oneTimeInvestmentDate=2009-11-01&amp;endDate=2010-11-01&amp;currency=NOK</a>. Origin <a href="http://dl.dropbox.com" rel="nofollow">http://dl.dropbox.com</a> is not allowed by Access-Control-Allow-Origin.</p>
</blockquote>
<p>The JSON response I would have gotten if the call went through can be seen by clicking <a href="http://www.odinfond.no/rest/fund/calc/fundReturn?&amp;id=300&amp;oneTimeInvestment=100000&amp;oneTimeInvestmentDate=2009-11-01&amp;endDate=2010-11-01&amp;currency=NOK" rel="nofollow">this direct link</a>. The call to the other service returns successfully. I host the below code on dropbox. <a href="http://dl.dropbox.com/u/514315/test_json.html" rel="nofollow">Try it out here.</a></p>
<pre><code>&lt;!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"&gt;
&lt;html xmlns="http://www.w3.org/1999/xhtml"&gt;
&lt;head&gt;
  &lt;meta http-equiv="Content-type" content="text/html;charset=UTF-8" /&gt;
  &lt;title&gt;JSON/JSONP test&lt;/title&gt;
  &lt;script src="jquery.js" type="text/javascript"&gt;&lt;/script&gt;
&lt;/head&gt;
&lt;body&gt;
  &lt;script&gt;
    // First cross-domain call: plain JSON (not JSONP) from odinfond.no
    var service = 'http://www.odinfond.no/rest/fund/calc/fundReturn?';
    var parameters = {
      id: '300',
      oneTimeInvestment: '100000',
      oneTimeInvestmentDate: '2009-11-01',
      endDate: '2010-11-01',
      currency: 'NOK'
    };
    $.getJSON(service, parameters, function(data) {
      alert("Success");
    });

    // Second cross-domain call: plain JSON (not JSONP) from geonames.org
    service = 'http://ws.geonames.org/postalCodeLookupJSON?';
    parameters = {
      postalcode: 1540,
      country: 'NO'
    };
    $.getJSON(service, parameters, function(data) {
      alert(data.postalcodes[0].adminName2);
    });
  &lt;/script&gt;
  &lt;p&gt;Use Firebug to see JSON response&lt;/p&gt;
&lt;/body&gt;
&lt;/html&gt;
</code></pre>
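<p>The check named in the Chrome error above, as an added example that is not part of the original post: a browser lets page script read a cross-origin XMLHttpRequest response only if the response's Access-Control-Allow-Origin header is <code>*</code> or exactly equals the page's origin. The function names and the sample response headers are constructed for illustration; the page does not show which headers either service actually returns.</p>

```javascript
// Added example: the origin check a browser applies before letting page
// script read a cross-origin XMLHttpRequest response (CORS, simple GET).
// Header values below are constructed samples, not captured traffic.

function headerValue(headers, name) {
  // HTTP header names are case-insensitive.
  const wanted = name.toLowerCase();
  for (const [key, value] of Object.entries(headers)) {
    if (key.toLowerCase() === wanted) return String(value).trim();
  }
  return null;
}

function corsAllowsRead(pageOrigin, responseHeaders, withCredentials = false) {
  const allowOrigin = headerValue(responseHeaders, 'Access-Control-Allow-Origin');
  if (allowOrigin === null) return false;           // no opt-in: response is blocked
  if (allowOrigin === '*') return !withCredentials; // wildcard is invalid with credentials
  if (allowOrigin !== pageOrigin) return false;     // exact, case-sensitive match; no lists
  if (withCredentials) {
    return headerValue(responseHeaders, 'Access-Control-Allow-Credentials') === 'true';
  }
  return true;
}

// Origin of the hosting page, taken from the error message in the question.
const PAGE_ORIGIN = 'http://dl.dropbox.com';

// Constructed responses covering the cases the check distinguishes.
const sampleResponses = {
  noCorsHeader: { 'Content-Type': 'application/json' },
  wildcard: { 'Content-Type': 'application/json', 'Access-Control-Allow-Origin': '*' },
  otherOrigin: { 'access-control-allow-origin': 'http://example.org' },
  sameOriginEcho: { 'Access-Control-Allow-Origin': 'http://dl.dropbox.com' },
};

function evaluateSamples() {
  const results = {};
  for (const [label, headers] of Object.entries(sampleResponses)) {
    results[label] = corsAllowsRead(PAGE_ORIGIN, headers);
  }
  return results;
}

console.log(evaluateSamples());
```

<p>For a simple GET like the ones in the question, the request is still sent to the server in every case; the check only decides whether the calling script may read the response.</p>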
 
