Win a copy of Re-engineering Legacy Software this week in the Refactoring forum
or Docker in Action in the Cloud/Virtualization forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Thoughts on cross-domain XHR?

 
Ulf Dittmer
Rancher
Pie
Posts: 42967
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I'm looking into a problem where cross-origin XHR would make our lives a lot simpler. Firefox 3.5 supports it, but I'm having a hard time determining the support -current or planned- in other browsers. Is anybody using it, and has experiences or insights to share? I'd be interested in how well it works already, in which browser versions, and what your general impression on the whole thing is. (For this particular problem, the servers at both domains are under our control, so setting appropriate HTTP headers is not a problem.)
 
Eric Pascarello
author
Rancher
Posts: 15385
6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The problem here is if you support it, you will always have to maintain two code bases to handle older browsers unless you know your app will only be used by a select few people and control their enviornment.

I always thought a serverside proxy was the best solution for handling this stuff. It is a few lines of code. Other option is JSONP which I use in code at my job for internal applications.

I did write a blog post about X-Domain XHR awhile back and what evil I could do with it: http://radio.javaranch.com/pascarello/2009/09/01/1251781828060.html

You can read about some of the security stuff here: http://www.w3.org/TR/2008/WD-access-control-20080912/

I know FF3.5 and IE8 do have support, but for the others,I have no clue who is doing what to support it.

Eric
 
Ulf Dittmer
Rancher
Pie
Posts: 42967
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
After doing some more research, it seems that JSONP is a better choice for the particular application at hand (which doesn't need so much interaction with a server, but rather a one-time loading of some data).

In general, cross-domain XHR is supported on Firefox 3.5, Safari 4, Chrome 2 and IE 8 (which uses a slightly different API called XDomainRequest ). I didn't find info about Opera, and couldn't be bothered to install it to find out.

Here's some info about detecting support for cross-domain XHR in JavaScript: http://hacks.mozilla.org/2009/07/cross-site-xmlhttprequest-with-cors/
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic