Skip to content
Advertisement

Ajax URL appears blocked by company firewall

I am working on an ajax function that loads another page as a way to get around iframe limitations on Shopify. My issue seems to be that the URL is blocked or headers stripped. Nothing too complex, everything worked as I needed it to by using the following:

function get_report() {
     var params = {
        type: "GET",
        url: "https://example.com/mypage.php",
        dataType: 'html',
        success:function(html) {
			        $("#content_div").load("https://example.com/mypage.php");
             },
        error: function(XMLHttpRequest, textStatus) {
               alert('Error : ' +XMLHttpRequest.response);
             }
     };
       
       jQuery.ajax(params);
};
<button onclick="get_report()">Get</button>
<div id="content_div"></div>

This works through public networks with no problem. However, when my client uses it behind a company firewall it fails to load the page. Upon further inspection it appears that the site URL my php is hosted on cannot be loaded either (I cannot be there to physically confirm). Here is a sample of that page if its relevant:

<?php 
$allowedOrigins = [
    "https://myexample.com",
    "https://myexample2.com"
];

if (array_key_exists('HTTP_ORIGIN', $_SERVER)) { 
	$origin = $_SERVER['HTTP_ORIGIN']; 
} else if (array_key_exists('HTTP_REFERER', $_SERVER)) { 
	$origin = $_SERVER['HTTP_REFERER']; 
} else { 
	$origin = $_SERVER['REMOTE_ADDR']; 
}

if (in_array($origin, $allowedOrigins)) {
header("Access-Control-Allow-Origin: " .$origin);	
}
setcookie('cross-site-cookie', 'name', ['samesite' => 'None', 'secure' => true]);
?>

<!DOCTYPE HTML>
<html lang="en">
  <head>
    <meta charset="utf-8">
    <title>TEST ALT IFRAME</title>
  </head>
  <body>	
    <div><?php echo "IT WORKS"; ?></div>
  </body>
</html>

What I know:

-Walked client through accessing chrome console, zero errors listed

-URL never loads when client tries to load it via browser

-Ajax never gives an error response

-Webmaster/IT team is unreachable (I have tried to contact them for at least 4 months)

What I’ve tried:

-Recently adding meta tags and !DOCTYPE (just in case)

-Validating both the iframe site and URL site with W3C

-Confirming both the iframe site and URL site work with VPN and public networks

-Checking for correct categorization on major network filtering groups (semantics, paleo-alto, etc) and set to ‘SAFE’.

My Question:

-How do I find out if the URL is blocked or the ajax request is being stripped?

-If the network is filtering my ajax URL am I at a dead end or is there another option?

Advertisement

Answer

How do I find out if the URL is blocked or the ajax request is being stripped?

If there’s a network error, you can respond to it in the error callback you pass to the AJAX call:

function get_report() {
     var params = {
        type: "GET",
        url: "https://example.com/mypage.php",
        dataType: 'html',
        success:function(html) {
                    $("#content_div").load("https://example.com/mypage.php");
             },
        error: function(XMLHttpRequest, textStatus) {
               // inspect XMLHttpRequest to determine if network error occurred
               alert('Error : ' +XMLHttpRequest.response);
             }
     };

       jQuery.ajax(params);
};

If the network is filtering my ajax URL am I at a dead end or is there another option?

You’re sort of at a dead end at the application level, unless you’re willing to do something really convoluted like have a third party service, that you know will not have firewall restrictions, request the page, and then forward it to a service that is accessible from behind that firewall. So the short answer is, no, not really (at least not practically)

User contributions licensed under: CC BY-SA
7 People found this is helpful
Advertisement