0

I am using the following JavaScript code to intercept ajax calls:

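// Keep a reference to the native open() so the wrapper can delegate to it.
XMLHttpRequest.prototype.realOpen = XMLHttpRequest.prototype.open;
var newOpen = function(method, url, async, user, password) {
    console.log("Intercepted open (" + url + ")");
    // Forward the caller's own argument list: passing an omitted
    // "async" along as undefined would make the request synchronous.
    return this.realOpen.apply(this, arguments);
};
XMLHttpRequest.prototype.open = newOpen;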

The JavaScript which performs the ajax calls and the above code are loaded from:
https://example.com/js/main.js
https://example.com/js/intercept.js

The above code works well when the domain for the ajax call is just "example.com", but when the ajax call is made for the domain "sub.example.com" the above code is not able to intercept that request.

Does anybody know why it would not work?

3
  • What do you mean by "not work"? It's a cross-domain request; there should be an exception when doing so. Commented Dec 4, 2012 at 17:54
  • No, there is no error/exception on the console. By "not work" I mean the ajax request for "sub.example.com" is not intercepted; I don't see the console.log entry for it. I know that it is requested for sure as I am proxying all browser traffic through Fiddler. Commented Dec 4, 2012 at 18:50
  • CORS consists of two requests, first to check if the other page allows the request from current domain, then send the actual request in the second one. So if you only see one, there is a problem. Commented Dec 4, 2012 at 19:02

1 Answer

1

It seems that you are a victim of the same origin policy, as example.com and sub.example.com are considered two different domains.


2 Comments

I see, so if I add an iframe with the same script having document.domain set to "sub.example.com" for the iframe, will it work then?
Yes, but then you'll have to figure out how to communicate between the main window and the iframe (using techniques such as cross-domain messaging). Also, techniques like CORS or JSONP bypass the cross-domain issue, but they are not supported in all browsers or servers.
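
An added example, not code from the question or the answer: an audit wrapper around `open` that records each request and labels it same-origin or cross-origin relative to the page, using the scheme/host/port comparison under which example.com and sub.example.com are different origins. `installOpenAudit`, `FakeXHR` and `demo` are hypothetical names, and `FakeXHR` is a constructed stand-in for the browser's `XMLHttpRequest` so the block runs under Node.

```javascript
// Wrap open() on the given XHR constructor and record every call in `log`.
// pageUrl is the URL of the document that loaded the script (assumption:
// in a browser this would be location.href).
function installOpenAudit(XhrCtor, pageUrl, log) {
  const realOpen = XhrCtor.prototype.open;
  const pageOrigin = new URL(pageUrl).origin; // scheme + host + port

  XhrCtor.prototype.open = function (method, url) {
    // Resolve relative URLs against the page, as the browser does.
    const target = new URL(url, pageUrl);
    log.push({
      method: String(method).toUpperCase(),
      url: target.href,
      crossOrigin: target.origin !== pageOrigin,
    });
    // Forward the caller's exact arguments so an omitted `async` stays omitted.
    return realOpen.apply(this, arguments);
  };

  // Return a function that restores the original method.
  return function uninstall() {
    XhrCtor.prototype.open = realOpen;
  };
}

// Constructed stand-in for XMLHttpRequest: it only remembers its arguments.
class FakeXHR {
  open(...args) {
    this.opened = args;
  }
}

// Constructed sample calls against a page served from https://example.com.
function demo() {
  const log = [];
  const uninstall = installOpenAudit(FakeXHR, "https://example.com/index.html", log);
  new FakeXHR().open("get", "/api/items");                        // same origin
  new FakeXHR().open("GET", "https://sub.example.com/api/items"); // host differs
  new FakeXHR().open("GET", "http://example.com/api/items");      // scheme differs
  uninstall();
  new FakeXHR().open("GET", "/after-uninstall");                  // no longer logged
  return log;
}
```

In a browser the call would be `installOpenAudit(XMLHttpRequest, location.href, log)`; the wrapper only sees requests made through that window's own `XMLHttpRequest` constructor.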
