Hello! There was a question: let's say from another site, by referring to www.example.com/example, the object {"x": 3} is given. Is it really impossible to get this object using javascript without authorization and dancing with tambourines? Why, just by following the link, I calmly see this object, but I cannot pull it into my script and work with it? There is a feeling that I do not understand something.

I tried this:

var x = new XMLHttpRequest(); x.open('GET', 'https://example.com/example'); alert( x.responseText );

How far am I from the truth?

  • Read the article: ru.wikipedia.org/wiki/Cross-origin_resource_sharing - MasterAlex
  • I saw, does not fit, on another site / server I can not add anything. - enki
  • @enki, there are quite a few ways to circumvent this policy - from JSONP to frames and so on. Google it! - user207618
  • JSONP as I understand it works if the server sends the function, and I have an unnamed object. I will upload it to the script tags, upload it to the page, and pick up how? - enki

1 answer 1

Policy restrictions on other domains, protocols, and even ports .
For security reasons.
A good solution is given in the article recommended by @MasterAlex - click me .
Restrictions do not give anyone not to be lazy to inject into your code and do nasty things or even hack.