Home/ Questions/Q 9246383
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-18T09:28:27+00:00

I’m wondering if there is a JavaScript library, which overrides XMLHttpRequest and allows to

  • 0

I’m wondering if there is a JavaScript library, which overrides XMLHttpRequest and allows to transparently handle all cross-domain requests and seamlessly forward them over my same-origin server-side proxy.

What I want is to have a common solution, which could be used together with any JavaScript library to make cross-domain requests (e.g. with cross-domain jQuery.ajax()).

Are there any drawbacks to use such library (security problems, HTTPS access, etc.)?

Update:

If such library is already created by someone, than I just do not want to reinvent the wheel and handle all corner cases again.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    If you just need to redirect every request to a specific proxy you could simply write it yourself, something in the lines of

    XMLHttpRequest.prototype.oldOpen = XMLHttpRequest.prototype.open;
var newOpen = function(args) {
   //overwrite arguments changing the original url to the proxy one, 
   //and add a parameter/header to send the original url to the proxy
   this.oldOpen(args);    
}
XMLHttpRequest.prototype.open = newOpen;

    Since the proxy is in the same domain (if you want to allow x-domain proxy requests, just add the Access-Control-Allow-Origin header), it will not be sent any cookie of the remote domain (you won’t have them anyway, since x-domains cookies are blocked – as long as you don’t enter the field with the header Access-Control-Allow-Credentials).

    Some security implications are rather obvious:

    • you are proxying the request, and as such the proxy itself will have access to everything, regardless of the encryption
    • HTTPS handling will be demanded to the proxy (if the remote url is secure) and the client will not be able to (or, on the other hand, will not need to, if demanded to the proxy) directly verify the server certificates

    A more complex (same domain, to fully support cookies) proxy implementation could even provide basic session handling for cross domain requests rewriting the headers:

    1. Client requests http://www.remotedomain.com/querystring from http://www.mydomain.com without cookies
    2. Request is rewritten as proxy.mydomain.com/www.remotedomain.com/querystring

    3. The proxy makes a request to http://www.remotedomain.com/querystring which responds with the header

      Set-Cookie: name=value; path=/; expires Mon, 31-Dec-2012 23:59:59 GMT

    4. The client receive the response back with the header

      Set-Cookie: name=value; path=/www.remotedomain.com; expires Mon, 31-Dec-2012 23:59:59 GMT

    5. On the next request the client will send the cookie, and the proxy will just forward them to the remote service

    But I’m probably digressing too much. 🙂

    • 0