Information
The topic you requested is included in another documentation set. For convenience, it's displayed below. Choose Switch to see the topic in its original location.

XDomainRequest object

Represents a cross-domain Asynchronous JavaScript and XML (AJAX) request.

Internet Explorer 8

Members

The XDomainRequest object has these types of members:

Events

The XDomainRequest object has these events.

EventDescription
onerror

Raised when there is an error that prevents the completion of the cross-domain request.

onload

Raised when the object has been completely received from the server.

onprogress

Raised when the browser starts receiving data from the server.

ontimeout

Raised when there is an error that prevents the completion of the request.

 

Methods

The XDomainRequest object has these methods.

MethodDescription
abort

The abort method terminates a pending send.

abort

Cancels the current HTTP request.

open (XDomainRequest)

Creates a connection with a domain's server.

send (XDomainRequest)

Transmits a data string to the server for processing.

 

Properties

The XDomainRequest object has these properties.

PropertyDescription

constructor

Returns a reference to the constructor of an object.

contentType

Gets the Content-Type property in the HTML request or response header.

responseText

Retrieves the response body as a string.

timeout

Gets or sets the time-out value.

 

Standards information

There are no standards that apply here.

Remarks

The XDomainRequest object is a safe, reliable, and lightweight data service that allows script on any document to anonymously connect to any server and exchange data. Developers can use the XDomainRequest object when cross-site security is not an issue.

Security Warning:   Cross-domain requests ("XDRs") are anonymous to protect user data. This means that servers cannot easily determine who is requesting data. To protect user privacy, respond with cross-domain data that is neither sensitive nor personally identifiable. To help prevent intranet data from being leaked to malicious Internet sites, we discourage intranet sites from making XDR data available.

Cross-domain requests require mutual consent between the document and the server. You can initiate a cross-domain request by creating an XDomainRequest (XDR) object with the window object, and opening a connection to a domain.

The document will request data from the domain's server by sending an Origin header with the value of the origin. It will only complete the connection if the server responds with an Access-Control-Allow-Origin header of either * or the exact URL of the requesting document. This behavior is part of the World Wide Web Consortium (W3C)'s Web Application Working Group's draft framework on client-side cross-domain communication that the XDomainRequest object integrates with.

For example, a server's Active Server Pages (ASP) page might include the following response header:


<% Response.AddHeader("Access-Control-Allow-Origin","*") %>

Cross domain requests can only be sent and received from a document to URLs in the following zones:

From Document \ To URLIntranetTrusted(Intranet)Trusted(Internet)InternetRestricted
IntranetAllowAllowAllowAllowDeny
Trusted(Intranet)AllowAllowAllowAllowDeny
Trusted(Internet)DenyDenyAllowAllowDeny
InternetDenyDenyAllowAllowDeny
RestrictedDeny DenyDenyDenyDeny

 

The XDR protocol only works with the http:// and https:// protocols.

To use the XDR protocol, you first create an XDomainRequest object. Then you use the open method to establish a connection with a server. Once a connection is opened, the send method transmits data strings to the server for processing. For example:


// 1. Create XDR object: 
var xdr = new XDomainRequest(); 

// 2. Open connection with server using GET method:
xdr.open("get", "http://www.contoso.com/xdr.aspx");

// 3. Send string data to server:
xdr.send();

Examples

The following example sends an empty message to a server of your choice. You can select a timeout value (default 10000 msec) when sending the request. When you click the Get button, the script creates a XDomainRequest, assigns event handlers, and initiates the request. Script alerts indicate how the request is progressing. Click the Stop button to cancel the request, or the Read button to view additional properties of the response, such as contentType and responseText.


      
<!DOCTYPE html>

<html>
<body>
  <h2>XDomainRequest</h2>
  <input type="text" id="tbURL" value="http://www.contoso.com/xdr.txt" style="width: 300px"><br>
  <input type="text" id="tbTO" value="10000"><br>
  <input type="button" onclick="mytest()" value="Get">&nbsp;&nbsp;&nbsp;
    <input type="button" onclick="stopdata()" value="Stop">&nbsp;&nbsp;&nbsp;
    <input type="button" onclick="readdata()" value="Read">
  <br>
  <div id="dResponse"></div>
  <script>
    var xdr;
    function readdata()
    {
      var dRes = document.getElementById('dResponse');
      dRes.innerText = xdr.responseText;
      alert("Content-type: " + xdr.contentType);
      alert("Length: " + xdr.responseText.length);
    }
    
    function err()
    {
      alert("XDR onerror");
    }

    function timeo()
    {
      alert("XDR ontimeout");
    }

    function loadd()
    {
      alert("XDR onload");
      alert("Got: " + xdr.responseText);
    }

    function progres()
    {
      alert("XDR onprogress");
      alert("Got: " + xdr.responseText);
    }

    function stopdata()
    {
      xdr.abort();
    }

    function mytest()
    {
      var url = document.getElementById('tbURL');
      var timeout = document.getElementById('tbTO');
      if (window.XDomainRequest)
      {
        xdr = new XDomainRequest();
        if (xdr)
        {
          xdr.onerror = err;
          xdr.ontimeout = timeo;
          xdr.onprogress = progres;
          xdr.onload = loadd;
          xdr.timeout = tbTO.value;
          xdr.open("get", tbURL.value);
          xdr.send();
        }
        else
        {
          alert("Failed to create");
        }
      }
      else
      {
        alert("XDR doesn't exist");
      }
    }
  </script>
</body>
</html>

See also

window
XMLHttpRequest

 

 

Show:
© 2014 Microsoft. All rights reserved.