I am trying to do cross site ajax using tinyproxy as a reverse proxy. Here is the setup:
- A desktop system running Gentoo Linux. IP address is x.x.x.x. Boa (web server, port 80) and tinyproxy (HTTP proxy, port 8888) are running on this system.
Here are the test files:
======= a.html ======
<html>
  <head>
    <meta charset="UTF-8" />
    <title>Ajax test</title>
  </head>
  <body>
    <script type="text/javascript" src="http://code.jquery.com/jquery-latest.js"></script>
    <script type="text/javascript" src="a.js"></script>
  </body>
</html>
======= a.js ========
$(document).ready(function() {
    function error_func()
    {
        alert("error occurred");
    }
    function ajax_func(data)
    {
        alert("ajax received");
    }
    $.get("http://x.x.x.x:8888/outside/xyz.txt", ajax_func).error(error_func);
});
I have configured tinyproxy so that http://x.x.x.x:8888/outside/ will go to http://www.outside.com/. I control that domain and I have placed a text file there, xyz.txt, with the “test string” in it.
Now, when I put the following url into firefox: x.x.x.x:8888/xyz.txt, everything works and I see the “test string” displayed in the browser window. But when I put x.x.x.x/a.html into firefox, I get the “error occurred” dialog box. I have tried this on IE, Safari, Firefox, and Chrome and I get the “error occurred” dialog in all of them.
Please note that I am aware of the “same origin policy”, that’s why I am using tinyproxy to get around that limitation.
I used wireshark on the gentoo linux machine to watch the traffic. Everything looks ok. I see an HTTP transaction between firefox and x.x.x.x, then I see an HTTP transaction between x.x.x.x and “outside” and finally another HTTP transaction between x.x.x.x and firefox. The HTTP 200 OK includes the “test string” as expected. But still, jquery isn’t happy and I don’t get the “ajax received” dialog box…
One thing I am suspecting is the HTTP “Server” header. The x.x.x.x system says “Server: Boa”, but the final response has “Server: Apache”. Would I be violating the same origin policy because of this difference?
The same origin policy restricts access to the:
The same origin policy applies also to your case because you try to access x.x.x.x:8888 from x.x.x.x:80. You need to deliver the content also over the same port.
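
The check the answer describes, as an added example that is not part of the original thread: an origin is the scheme, host and port together, so the page on port 80 and the proxy on port 8888 are different origins even though the HTTP exchange completes on the wire. It goes slightly beyond the answer by also modelling the Access-Control-Allow-Origin response header in simplified form; 192.0.2.10 is a constructed stand-in for x.x.x.x, and the function names are hypothetical.

```javascript
// Added example, not from the original post.
// 192.0.2.10 is a constructed stand-in for the poster's x.x.x.x host.

// An origin is the (scheme, host, port) triple. The path and the
// response's Server header play no part in it.
function originOf(url) {
  const u = new URL(url);
  const defaults = { "http:": "80", "https:": "443" };
  return {
    scheme: u.protocol,
    host: u.hostname,
    port: u.port || defaults[u.protocol] || "", // URL drops default ports
  };
}

function sameOrigin(a, b) {
  const x = originOf(a), y = originOf(b);
  return x.scheme === y.scheme && x.host === y.host && x.port === y.port;
}

// Simplified model of the browser's decision for a plain GET without
// credentials: may script loaded from pageUrl read the response?
function canScriptRead(pageUrl, requestUrl, responseHeaders) {
  if (sameOrigin(pageUrl, requestUrl)) {
    return { readable: true, reason: "same origin" };
  }
  const headers = {};
  for (const [k, v] of Object.entries(responseHeaders)) {
    headers[k.toLowerCase()] = v; // header names are case-insensitive
  }
  const acao = headers["access-control-allow-origin"];
  if (acao === "*" || acao === new URL(pageUrl).origin) {
    return { readable: true, reason: "cross-origin, allowed by response header" };
  }
  return { readable: false, reason: "cross-origin, response not shared with page" };
}

const page = "http://192.0.2.10/a.html";
const proxied = "http://192.0.2.10:8888/outside/xyz.txt";
const samePort = "http://192.0.2.10/outside/xyz.txt";
// Constructed response headers resembling those seen in the question.
const response = { "Server": "Apache", "Content-Type": "text/plain" };

console.log(canScriptRead(page, proxied, response));  // the 200 OK is sent, but script cannot read it
console.log(canScriptRead(page, samePort, response)); // same port: readable
```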