Cross-domain AJAX

A quick overview of cross-domain AJAX: suppose we have a website, http://www.nhchau.com, in which some pages need to mash up data from several different sources such as http://www.nhchau.com, http://vnexpress.net and http://www.photo.net. Those pages then have to perform cross-domain AJAX.

At present it is very hard to make such AJAX requests by ordinary means: browsers forbid cross-domain AJAX for security reasons. Even so, a few techniques can be used to do it:

1. Use an IMG SRC or a SCRIPT tag: http://www.openjs.com/articles/ajax/transfer_methods_xmlhttprequest_alte...

2. Enabling trusted domains: http://ajaxian.com/archives/subspace-enabling-trusted-cross-domain-ajax. See the WWW 2007 conference paper on this topic at: http://www2007.org/program/paper.php?id=801 or the file attached below (paper801.pdf).

etc.

More information on this topic will be posted later...

Attachment: paper801.pdf (190.23 KB)

One solution: it works, but it is slow (because the data has to be relayed through a server) and it increases the server load:

AJAX has become the core component of many web applications around us. And it's fairly easy to handle AJAX nowadays, with the help of various JavaScript libraries (e.g. jQuery, Prototype, MooTools, YUI, etc.). But there is one security issue that web browsers impose in doing AJAX calls - they don’t let you do AJAX calls to web servers different than yours. That means, if your script is in www.mydomain.com and you’re trying to do an AJAX call to www.anotherdomain.com/get.php, then the browser will throw an error like: “Error: uncaught exception: Permission denied to call method XMLHttpRequest.open”.

Now, there are a number of solutions to this problem. Instead of explaining them all to you, lemme provide you the simplest one: using a PHP transport file. If you already know the thing and just need the script, download from here.

Others, let’s see an example implementation first.

Example use

    var xmlHttp = new XMLHttpRequest();

    xmlHttp.onreadystatechange = function () {
        // readyState 4: the response has been received in full
        if (xmlHttp.readyState == 4) {
            alert(xmlHttp.responseText);
        }
    };

    // Ask the same-origin transport script to fetch the remote page on our behalf
    xmlHttp.open("GET", 'http://myserver.com/transport.php?action=' +
        encodeURIComponent('different-server.com/return_call.php') +
        '&method=get&data1=1&data2=pass', true);

    xmlHttp.send(null);

Now, let's see how it works:

1. The script makes an AJAX call to the myserver.com/transport.php with a few parameters:

* action = the target URL you need to fetch, from a different domain

* method = the HTTP method (post/get)

* data1, data2 = sample parameters for using as either query-string or POST fields

2. When the request is received by transport.php, it uses cURL to make a call to the page mentioned in action.

3. Based on the method, it either makes a GET request or a POST request. In both cases, it sends the extra parameters that are sent.

4. After the response is received, transport.php echoes it. So, you have what you need!

Source code of transport.php:

<?php
/**
 * Transport for Cross-domain AJAX calls
 *
 * This is an implementation of a transport channel for utilizing cross-domain
 * AJAX calls. This script is passed the data through AJAX along with two special
 * hidden fields containing the action URL and the HTTP method (GET/POST). It then
 * sends the form fields to that URL and returns the response.
 *
 * @package CrossDomainAjax
 * @category CURL
 * @author Md Emran Hasan
 * @link http://www.phpfour.com
 */

// The actual form action: the target URL, sent by the client as "action".
// It is taken from the request as-is and fetched without any restriction.
$action = $_REQUEST['action'];

// Submission method
$method = $_REQUEST['method'];

// Query string
$fields = '';

// Prepare the fields for the query string; don't include the action URL or method
if (count($_REQUEST) > 2)
{
    foreach ($_REQUEST as $key => $value)
    {
        // Skip the two control parameters; every other field is forwarded
        if ($key != 'action' && $key != 'method')
        {
            $fields .= $key . '=' . rawurlencode($value) . '&';
        }
    }
}

// Strip the trailing '&'
$fields = rtrim($fields, '&');

// Initiate cURL
$ch = curl_init();

// Do we need to POST or GET?
if (strtoupper($method) == 'POST')
{
    curl_setopt($ch, CURLOPT_URL, $action);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $fields);
}
else
{
    curl_setopt($ch, CURLOPT_URL, $action . '?' . $fields);
}

// Follow redirects and return the transfer
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);

// Get result and close cURL
$result = curl_exec($ch);
curl_close($ch);

// Return the response
echo $result;

?>
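
transport.php as posted fetches whatever URL the request names, follows redirects, and echoes the result from your own origin. The variant below is an added example, not part of the original post or its author's code: it relays only to hosts on an allowlist, refuses redirects and non-HTTP schemes, forwards only GET/POST fields, and returns the body as plain text. `ALLOWED_HOSTS`, `validate_target` and `relay` are names assumed for this example.

```php
<?php
// Added example, not the original author's code. ALLOWED_HOSTS is an assumed,
// site-specific list; the host below is the page's own placeholder name.
const ALLOWED_HOSTS = ['different-server.com'];
// Return a normalized http(s) URL when $raw points at an allowed host, else null.
function validate_target(string $raw, array $allowedHosts): ?string
{
    // The page's client sends the target without a scheme; default to https.
    $p = parse_url(strpos($raw, '://') === false ? 'https://' . $raw : $raw);
    if (!is_array($p) || !isset($p['scheme'], $p['host'])) {
        return null;
    }
    $scheme = strtolower($p['scheme']);
    $host = strtolower($p['host']);
    // Reject other schemes, embedded credentials, explicit ports, unlisted hosts.
    if (!in_array($scheme, ['http', 'https'], true) || isset($p['user'])
        || isset($p['port']) || !in_array($host, $allowedHosts, true)) {
        return null;
    }
    return $scheme . '://' . $host . ($p['path'] ?? '/'); // target's query is dropped
}

function relay(array $get, array $post): void
{
    $in = $post + $get; // GET and POST only: $_REQUEST can also carry cookies
    $target = validate_target((string) ($in['action'] ?? ''), ALLOWED_HOSTS);
    if ($target === null) {
        http_response_code(400);
        exit('target not allowed');
    }
    $query = http_build_query(array_diff_key($in, ['action' => 1, 'method' => 1]));
    $isPost = strtoupper((string) ($in['method'] ?? 'GET')) === 'POST';
    $ch = curl_init($isPost || $query === '' ? $target : $target . '?' . $query);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_FOLLOWLOCATION => false, // a redirect could leave the allowlist
        CURLOPT_PROTOCOLS => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_CONNECTTIMEOUT => 5, CURLOPT_TIMEOUT => 10,
    ] + ($isPost ? [CURLOPT_POST => true, CURLOPT_POSTFIELDS => $query] : []));
    $body = curl_exec($ch);
    // Serve as inert text so relayed markup never runs in this site's origin.
    header('Content-Type: text/plain; charset=utf-8');
    header('X-Content-Type-Options: nosniff');
    echo $body === false ? '' : $body;
}

if (PHP_SAPI !== 'cli') {
    relay($_GET, $_POST);
}
```

Because the response is served as `text/plain`, the client-side `responseText` handling from the example above keeps working while relayed HTML or script is never rendered under myserver.com.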

Monday, June 11, 2007
Enabling Cross-Domain AJAX in Firefox

Tonight I have finally conquered one of the biggest annoyances of the past year for me (in terms of development at least). Developing web applications with Firefox is a pleasure because of the firebug extension. Nothing comes close in Safari. Unfortunately, Firefox doesn't allow cross-domain XMLHttpRequests for security reasons. While good security is a plus, this restriction can make development and testing a real chore. For those of us willing to risk the security vulnerability, here is how to bypass the cross-domain restriction once and for all:

1. Close Firefox

2. Edit the file prefs.js in your Firefox user profile folder

3. Add the following line anywhere in the file

user_pref("capability.policy.default.XMLHttpRequest.open", "allAccess");

4. Save the file and re-open Firefox. You can now risk your life and limb by doing XHR's to whatever domains you want - congratulations!

(Source: http://blog.dirolf.com/2007/06/enabling-cross-domain-ajax-in-firefox.htm...)