IE 8.0 Supports Cross-Domain Requests

Zen Master: Want  hotdog with everything.
HotDog Stand Owner: OK Buddy, here ya go. That'll be $20.00.
Zen Master: Here twenty dollar bill.
HotDog Stand Owner: That'll do it, pal. Have a great day!
Zen Master: What about change?
HotDog Stand Owner: Ah, change... must come from within!

 

This is an area where I (and many others) have been quite vocal in complaining. If you can point the src property of a <script... tag at another domain, and said script can basically do anything it wants, then why can't you make an XmlHttpRequest to another domain (other than the one from which the page emanated)?

It's certainly an inconsistent application of the notion of security, at a minimum.

So in Internet Explorer 8.0 you have the new IHTMLXDomainRequest Interface.

Here's how it works, in a nutshell:

Cross-domain requests ("XDR", for short) require mutual consent between the webpage and the server. You can initiate a cross-domain request in your webpage by creating an XDomainRequest object off the window object, and then opening a connection to a particular domain. The browser will request data from the domain's server by sending an "XDomainRequest: 1" header.  It will only complete the connection if the server responds with an "XDomainRequestAllowed" header with the value "1" (for true). 

For example, a page might have this code, which would allow XDomain requests:

Response.AppendHeader("XDomainRequestAllowed","1");

Here is a short client script sample of how a request would be made:

// 1. Create XDR object
xdr = new XDomainRequest();
// 2. Open connection with server using POST method
xdr.open("POST", "http://www.othersite.com/xdrhandler.aspx");
// 3. Send string data to server
xdr.send( myStringData);

 

The result comes back in the responseText property, and there are some simple events:

xdr.onerror

xdr.ontimeout

xdr.onprogress

xdr.onload

xdr.timeout

And, aside from the requirement for the headers as described above, that's pretty much the whole deal.

You can look at the standard MSDN style documentation for all this here.

Comments

Post a Comment

Popular posts from this blog

Some observations on Script Callbacks, "AJAX", "ATLAS" "AHAB" and where it's all going.

I've taken a more than cursory interest in the whole Remote Scripting (.NET species) vs. AJAX and now ATLAS discussion, mostly because I started using Remote Scripting since Microsoft first released it, and because I continued to refine it after seeing Brent Ashley's excellent work with JSRS, which was one of the first "real" cross-browser solutions back in 2000 (that's the turn of the Century for you history buffs). Now Bertrand Leroy, a Microsoft guy whose work I like , has authored some very interesting ASP.NET 2.0 script callback stuff that he points to on his blog, and he is obviously (at least, to me he is) involved quite heavily in the development of this new ATLAS infrastructure that they'll preview at PDC. Leroy's most recent post brings to the surface what I agree are the major differences between the "AJAX a - la .NET" approach as popularized by Michael Swartz with his AJAX.NET library, and Leroy's RefreshPanel, the ASP.NET 2.0 b
Read more

IE7 - Vista: "Internet Explorer has stopped Working"

Image
This one was a bitch. All of a sudden for no reason at all, out of the blue, I get this dialog "internet Explorer has stopped working". I didn't install any new software, crap- I didn't do anything! So here I am using FIREFART to go on the internet and find out what to do! Damn! Good thing I've got the sucker on the same machine (I'm not "anti-Firefox", i just don't use it that much except to check my page renderings). The Fix The fix (at least for me): 1) Go into Control Panel, and choose "Internet Options". 2) Under the "Advanced" tab, press the "RESET" button at the lower right: Don't ask me why this happens, or why the fix works. That's a BUG, D00D - I don't care how you slice it!
Read more

FIREFOX / IE Word-Wrap, Word-Break, TABLES FIX

One of the most annoying things a developer (who would normally delight in writing code, not futzing with markup) can have is getting rendering issues between different browsers. The two biggest players are of course Internet Exploder and Firefart (as I lovingly like to refer to each). In most cases that's going to take care of 98 percent of your total site traffic. IE has had a proprietary "word-break" style attribute for a long time, and this made it into the CSS 3.0 spec. But that doesn't necessarily help you with Firefox right now. Firefox literally - (and I consider this completely idiotic, since it's been in their bug database for FIVE YEARS) does not have a reliable CSS style element to force table cell content to break in the middle of a word in order to stop the content from expanding your table / div off the page or over other content on the page. Here's a partial fix, which will work for most tables and browsers. The style declaration (I call it m
Read more