This week's book giveaway is in the Jobs Discussion forum.
We're giving away four copies of Java Interview Guide and have Anthony DePalma on-line!
See this thread for details.
The moose likes HTML, CSS and JavaScript and the fly likes Thoughts on cross-domain XHR? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Java Interview Guide this week in the Jobs Discussion forum!
JavaRanch » Java Forums » Engineering » HTML, CSS and JavaScript
Bookmark "Thoughts on cross-domain XHR?" Watch "Thoughts on cross-domain XHR?" New topic

Thoughts on cross-domain XHR?

Ulf Dittmer

Joined: Mar 22, 2005
Posts: 42965
I'm looking into a problem where cross-origin XHR would make our lives a lot simpler. Firefox 3.5 supports it, but I'm having a hard time determining the support -current or planned- in other browsers. Is anybody using it, and has experiences or insights to share? I'd be interested in how well it works already, in which browser versions, and what your general impression on the whole thing is. (For this particular problem, the servers at both domains are under our control, so setting appropriate HTTP headers is not a problem.)
Eric Pascarello

Joined: Nov 08, 2001
Posts: 15385
The problem here is if you support it, you will always have to maintain two code bases to handle older browsers unless you know your app will only be used by a select few people and control their enviornment.

I always thought a serverside proxy was the best solution for handling this stuff. It is a few lines of code. Other option is JSONP which I use in code at my job for internal applications.

I did write a blog post about X-Domain XHR awhile back and what evil I could do with it:

You can read about some of the security stuff here:

I know FF3.5 and IE8 do have support, but for the others,I have no clue who is doing what to support it.

Ulf Dittmer

Joined: Mar 22, 2005
Posts: 42965
After doing some more research, it seems that JSONP is a better choice for the particular application at hand (which doesn't need so much interaction with a server, but rather a one-time loading of some data).

In general, cross-domain XHR is supported on Firefox 3.5, Safari 4, Chrome 2 and IE 8 (which uses a slightly different API called XDomainRequest ). I didn't find info about Opera, and couldn't be bothered to install it to find out.

Here's some info about detecting support for cross-domain XHR in JavaScript:
subject: Thoughts on cross-domain XHR?
It's not a secret anymore!