aspose file tools*
The moose likes HTML, CSS and JavaScript and the fly likes Thoughts on cross-domain XHR? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Soft Skills this week in the Jobs Discussion forum!
JavaRanch » Java Forums » Engineering » HTML, CSS and JavaScript
Bookmark "Thoughts on cross-domain XHR?" Watch "Thoughts on cross-domain XHR?" New topic
Author

Thoughts on cross-domain XHR?

Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42906
    
  69
I'm looking into a problem where cross-origin XHR would make our lives a lot simpler. Firefox 3.5 supports it, but I'm having a hard time determining the support -current or planned- in other browsers. Is anybody using it, and has experiences or insights to share? I'd be interested in how well it works already, in which browser versions, and what your general impression on the whole thing is. (For this particular problem, the servers at both domains are under our control, so setting appropriate HTTP headers is not a problem.)
Eric Pascarello
author
Rancher

Joined: Nov 08, 2001
Posts: 15376
    
    6
The problem here is if you support it, you will always have to maintain two code bases to handle older browsers unless you know your app will only be used by a select few people and control their enviornment.

I always thought a serverside proxy was the best solution for handling this stuff. It is a few lines of code. Other option is JSONP which I use in code at my job for internal applications.

I did write a blog post about X-Domain XHR awhile back and what evil I could do with it: http://radio.javaranch.com/pascarello/2009/09/01/1251781828060.html

You can read about some of the security stuff here: http://www.w3.org/TR/2008/WD-access-control-20080912/

I know FF3.5 and IE8 do have support, but for the others,I have no clue who is doing what to support it.

Eric
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42906
    
  69
After doing some more research, it seems that JSONP is a better choice for the particular application at hand (which doesn't need so much interaction with a server, but rather a one-time loading of some data).

In general, cross-domain XHR is supported on Firefox 3.5, Safari 4, Chrome 2 and IE 8 (which uses a slightly different API called XDomainRequest ). I didn't find info about Opera, and couldn't be bothered to install it to find out.

Here's some info about detecting support for cross-domain XHR in JavaScript: http://hacks.mozilla.org/2009/07/cross-site-xmlhttprequest-with-cors/
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Thoughts on cross-domain XHR?