AJAX Cross Site (XSS) JSONP Object Exchange between Client and Serverskript in PHP
Hi,
I try to exchange a variable and an object between client and diffrent servers. I created the small example below. If I call the localhost server everything works fine. The same serverskript is not working and the object is null if the server is somewhere else than localhost, but the variable event is passed well.
Here the answers:
localhost:
onSuccess({"gleich":true,"eventObject Event":"start","event":"start","team":null,"First":null,"eventObject":{"minute":10,"event":"start","person":{"first":"Vor","last":"Nach","nr":"3"}}})
server from diffrent llocation:
onSuccess({"gleich":false,"eventObject Event":null,"event":"start","team":null,"First":null,"eventObject":null})
The question is why is the eventObject null???
All I wanna do is to send information as json Objects to the server, handle this information (store in database and so on) and send an answer back to the client and handle it there.
I also tried to use JSON.stringify as well as json_decode and json_encode on the server site which results in diffrent issues with \" answers not parseable by the standard functions.
Thanks for the answer!
Here the Code example:
HTML & jQuery JS:
<!DOCTYPE html>
<html>
<head>
<title>Jsonp- Minibeispiel</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<script src="Js/jquery-1.10.2.min.js"></script>
<script type="text/javascript">
$.noConflict();
jQuery(document).ready(function($){
var server = Array();
server[0] = "http://localhost/JsonpMini/";
server[1] = "http://DiffrentServer.de/AJ/";
person = {
"first" : "Vor",
"last" : "Nach",
"nr" : "3"
};
eventObject = {
"minute": 10,
"event": "start",
"person" : person
};
$('#jsonp').click(function() {
alert("Begin");
for(key in server) {
// alert(key + " " + server[key]);
$.ajax({
type: "GET",
url : server[key]+"/server.php",
dataType: "jsonp",
jsonpCallback: "onSuccess",
data: {
event: 'start',
eventObject : JSON.stringify(eventObject)
// eventObject : eventObject
},
success: onSuccess
});
}
alert("End");
});
/**
* AJAX-Response auswerten
*/
function onSuccess(content) {
// alert("Da" + content);
alert(content.event);
alert(content.eventObject.minute);
alert(content.eventObject.person.first);
// Das empfangene Objekt wird wieder zum Objekt geparst
// var response = $.parseJSON(content);
/*var evO = $.parseJSON(content.eventObject);
alert(evO.event);
*/
}
});
</script>
</head>
<body>
<button id="jsonp" type="button">Start</button>
<div id="serverAnswer"></div>
</body>
</html>
And the PHP Skript which answers the AJAX- Request on both the localhost and the server:
<?php
header('Access-Control-Allow-Origin: *');
$callback = isset($_GET['callback']) ? preg_replace('/[^a-z0-9$_]/si', '', $_GET['callback']) : false;
header('Content-Type: ' . ($callback ? 'application/javascript' : 'application/json') . ';charset=UTF-8');
$eventObject = json_decode($_GET['eventObject']);
$event = $_GET['event'];
$gleich = ($eventObject->event==$event);
$data = array('gleich' => $gleich, 'eventObject Event' => $eventObject->event, 'event' => $event, "team" => $eventObject->team, "First" => $eventObject->player1->first, "eventObject" =>$eventObject);
echo ($callback ? $callback . '(' : '') . json_encode($data) . ($callback ? ')' : '');
?>