403 Forbidden on JSONP request

There is a domain I don't control which returns JSON data -- going to http://services.example.com/search?store=ITUNES&q=twitter yields something like

{
  MySearch: {
    resultCount: 1
    results: [
      { name: "twitter" }
    ]
  }
}

When I try to get it with jsonp from another domain, such as from my own computer (using jQuery) --

$.ajax({
    url: 'http://services.example.com/search?store=ITUNES&q=twitter',
    dataType: 'jsonp',
    success: function(data) {
        console.log('hi');
    }
});

I get "Status Code: 403 Forbidden".

Here are the server response headers:

Connection:keep-alive
Content-Length:9
Content-Type:text/plain
Date:Thu, 05 Jan 2012 20:33:04 GMT
Server:WEBrick/1.3.1 (Ruby/1.9.3/2011-10-30)
X-Frame-Options:sameorigin

Is there any way I can get this data without making any server-side changes?

Try the below snippet. Remember that the entire response will be stored as an object in the console and you can simply reference each key-value pair with data[i], etc.

var jServices = jQuery.noConflict();
jServices.ajaxSetup({
    contentType: "application/jsonp; charset=UTF-8"
});
jServices.getJSON("http://services.joppio.com/services/search?session=AF8990-34GDC-03345&store=ITUNES&pos=0&cnt=10&q=twitter", function (data) {
    console.log(data);
});

Hope it solves your problem.

This is due to the browser's cross-origin resource sharing policy.

To enable this you'd have to have the origin add special headers to "preflight" your request. Else, the JSONP tactic would allow you to access data across domains, but it has to actually be JSONP and not just JSON.

Here's an example on how to enable cross-domain resource sharing in PHP:

<?php
      header('Access-Control-Allow-Origin: http://sub.domain.com');
      header('Access-Control-Allow-Credentials: true' );
?>

As you said, unfortunately I think this is out of your control. In fact, the security mechanisms are in place in part to prevent stuff like this from happening (i.e. sapping another server's resources by consuming its JSON).
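
The difference between a JSON body and a JSONP body, shown as an added example that is not part of the original question or answers: `wrapAsJsonp` is what a cooperating server would have to do, and `loadAsScript` approximates how a `<script>` element treats each body. The callback name `cb_1`, both function names and the sample body are constructed for illustration.

```javascript
// Constructed sample body; the real service's output is only paraphrased in the question.
const PLAIN_JSON = '{"MySearch":{"resultCount":1,"results":[{"name":"twitter"}]}}';

// Server side: wrap a payload for a JSONP request. The callback name arrives in
// the query string, so it is restricted to a dotted identifier before it is
// echoed into executable script text.
function wrapAsJsonp(callbackName, payload) {
  if (!/^[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)*$/.test(callbackName)) {
    throw new Error('invalid callback name');
  }
  // U+2028/U+2029 are legal in JSON but were line terminators in older JS engines.
  const json = JSON.stringify(payload)
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
  return '/**/' + callbackName + '(' + json + ');';
}

// Client side: approximate what a <script src=...> element does with the body.
// The body is evaluated as script text, with the callback as the only name
// supplied. Whatever the remote server sends runs with the page's privileges.
function loadAsScript(body, callbackName) {
  let received;
  const callback = (data) => { received = data; };
  try {
    new Function(callbackName, body)(callback);
  } catch (err) {
    return { ok: false, error: err.name };
  }
  return received === undefined
    ? { ok: false, error: 'callback never invoked' }
    : { ok: true, data: received };
}
```

A bare JSON object fails to parse as script text, so the `success` handler can never fire for it; only a callback-wrapped body delivers data, and that wrapping has to be done by the remote server.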
