Can’t overcome same-origin-policy restriction for HTTP POST by XHR/JSONP

I’m writing this down with the above title, just to save time to many others who try to take advantage of jQuery excellent XHR API and try to submit a form (HTTP POST) across domains.

The button line – you can’t do a cross-domain XHR HTTP POST request.
When using the JSONP support of jQuery it it doesn’t fail, but simply translates the POST request into a GET.

So


$.post ('//external.domain.com, "callback=?");

Simply becomes identical to

$.get ('//external.domain.com', "callback=?");

What you should do is do a standard HTTP form submit into a hidden iframe.

I hope this post saved time to others, as I’ve just wasted 2 hours on that.
You can read more here: http://www.markhneedham.com/blog/2009/08/27/jquery-post-jsonp-and-cross-domain-requests/

This all came up while I was hacking a bit around http://www.appboxjs.com – you should try it too.

Comments

comments

3 thoughts on “Can’t overcome same-origin-policy restriction for HTTP POST by XHR/JSONP”

  1. I use CORS and a fallback code for browsers that don’t support it yet (IE, Opera). Not sure if you can do it in your case.

Leave a Reply