XDomainRequest object
The XDomainRequest object has these types of members:
Events
The XDomainRequest object has these events.
| Event | Description |
|---|---|
| onerror |
Raised when there is an error that prevents the completion of the cross-domain request. |
| onload |
Raised when the object has been completely received from the server. |
| onprogress |
Raised when the browser starts receiving data from the server. |
| ontimeout |
Raised when there is an error that prevents the completion of the request. |
Methods
The XDomainRequest object has these methods.
| Method | Description |
|---|---|
| abort |
The abort method terminates a pending send. |
| abort |
Cancels the current HTTP request. |
| open (XDomainRequest) |
Creates a connection with a domain's server. |
| send (XDomainRequest) |
Transmits a data string to the server for processing. |
Properties
The XDomainRequest object has these properties.
| Property | Description |
|---|---|
|
Returns a reference to the constructor of an object. |
|
|
Gets the Content-Type property in the HTML request or response header. |
|
|
Retrieves the response body as a string. |
|
|
Gets or sets the time-out value. |
Standards information
There are no standards that apply here.
Remarks
The XDomainRequest object is a safe, reliable, and lightweight data service that allows script on any document to anonymously connect to any server and exchange data. Developers can use the XDomainRequest object when cross-site security is not an issue.
Security Warning: Cross-domain requests ("XDRs") are anonymous to protect user data. This means that servers cannot easily determine who is requesting data. To protect user privacy, respond with cross-domain data that is neither sensitive nor personally identifiable. To help prevent intranet data from being leaked to malicious Internet sites, we discourage intranet sites from making XDR data available.
Cross-domain requests require mutual consent between the document and the server. You can initiate a cross-domain request by creating an XDomainRequest (XDR) object with the window object, and opening a connection to a domain.
The document will request data from the domain's server by sending an Origin header with the value of the origin. It will only complete the connection if the server responds with an Access-Control-Allow-Origin header of either * or the exact URL of the requesting document. This behavior is part of the World Wide Web Consortium (W3C)'s Web Application Working Group's draft framework on client-side cross-domain communication that the XDomainRequest object integrates with.
For example, a server's Active Server Pages (ASP) page might include the following response header:
<% Response.AddHeader("Access-Control-Allow-Origin","*") %>
Cross domain requests can only be sent and received from a document to URLs in the following zones:
| From Document \ To URL | Intranet | Trusted(Intranet) | Trusted(Internet) | Internet | Restricted |
|---|---|---|---|---|---|
| Intranet | Allow | Allow | Allow | Allow | Deny |
| Trusted(Intranet) | Allow | Allow | Allow | Allow | Deny |
| Trusted(Internet) | Deny | Deny | Allow | Allow | Deny |
| Internet | Deny | Deny | Allow | Allow | Deny |
| Restricted | Deny | Deny | Deny | Deny | Deny |
The XDR protocol only works with the http:// and https:// protocols.
To use the XDR protocol, you first create an XDomainRequest object. Then you use the open method to establish a connection with a server. Once a connection is opened, the send method transmits data strings to the server for processing. For example:
// 1. Create XDR object:
var xdr = new XDomainRequest(); // 2. Open connection with server using GET method:
xdr.open("get", "http://www.contoso.com/xdr.aspx"); // 3. Send string data to server:
xdr.send();
Examples
The following example sends an empty message to a server of your choice. You can select a timeout value (default 10000 msec) when sending the request. When you click the Get button, the script creates aXDomainRequest, assigns event handlers, and initiates the request. Script alerts indicate how the request is progressing. Click the Stop button to cancel the request, or the Read button to view additional properties of the response, such as contentType and responseText.
<!DOCTYPE html> <html>
<body>
<h2>XDomainRequest</h2>
<input type="text" id="tbURL" value="http://www.contoso.com/xdr.txt" style="width: 300px"><br>
<input type="text" id="tbTO" value="10000"><br>
<input type="button" onclick="mytest()" value="Get">
<input type="button" onclick="stopdata()" value="Stop">
<input type="button" onclick="readdata()" value="Read">
<br>
<div id="dResponse"></div>
<script>
var xdr;
function readdata()
{
var dRes = document.getElementById('dResponse');
dRes.innerText = xdr.responseText;
alert("Content-type: " + xdr.contentType);
alert("Length: " + xdr.responseText.length);
} function err()
{
alert("XDR onerror");
} function timeo()
{
alert("XDR ontimeout");
} function loadd()
{
alert("XDR onload");
alert("Got: " + xdr.responseText);
} function progres()
{
alert("XDR onprogress");
alert("Got: " + xdr.responseText);
} function stopdata()
{
xdr.abort();
} function mytest()
{
var url = document.getElementById('tbURL');
var timeout = document.getElementById('tbTO');
if (window.XDomainRequest)
{
xdr = new XDomainRequest();
if (xdr)
{
xdr.onerror = err;
xdr.ontimeout = timeo;
xdr.onprogress = progres;
xdr.onload = loadd;
xdr.timeout = tbTO.value;
xdr.open("get", tbURL.value);
xdr.send();
}
else
{
alert("Failed to create");
}
}
else
{
alert("XDR doesn't exist");
}
}
</script>
</body>
</html>
See also
XDomainRequest object的更多相关文章
- Enable Cross-Origin Requests in Asp.Net WebApi 2[Reprint]
Browser security prevents a web page from making AJAX requests to another domain. This restriction i ...
- Enabling Cross-Origin Requests in ASP.NET Web API 2
Introduction This tutorial demonstrates CORS support in ASP.NET Web API. We’ll start by creating two ...
- HTTP访问控制(CORS)
跨站 HTTP 请求(Cross-site HTTP request)是指发起请求的资源所在域不同于该请求所指向资源所在的域的 HTTP请求.比如说,域名A(http://domaina.exampl ...
- Cross-origin resource sharing--reference
Cross-origin resource sharing (CORS) is a mechanism that allows many resources (e.g., fonts, JavaScr ...
- HTTP Server to Client Communication
1. Client browser short polling The most simple solution, client use Ajax to sends a request to the ...
- 跨域资源共享(CORS)--跨域ajax
几年前,网站开发者都因为ajax的同源策略而撞了南墙.当我们惊叹于XMLHttpRequest对象跨浏览器支持所带来的巨大进步时,我们很快发现没有一个方法可以使我们用JavaScript实现请求跨域访 ...
- js中的跨域
因为javascript的同源策略,导致它普通情况下不能跨域,直到现在,我还是不能完全理解js跨域的几种方法,没办法,只能慢慢学习,慢慢积累,这不,几天又在园里看到一篇博文,有所收获,贴上来看看; 原 ...
- CoreCLR源码探索(一) Object是什么
.Net程序员们每天都在和Object在打交道 如果你问一个.Net程序员什么是Object,他可能会信誓旦旦的告诉你"Object还不简单吗,就是所有类型的基类" 这个答案是对的 ...
- JavaScript Object对象
目录 1. 介绍:阐述 Object 对象. 2. 构造函数:介绍 Object 对象的构造函数. 3. 实例属性:介绍 Object 对象的实例属性:prototype.constructor等等. ...
随机推荐
- 页面title改变浏览器兼容性问题
前一阵子客户在界面上改了下小小的需求,需要点不同的文章title显示不同的模块名称(之前没有区分,统一叫新闻图片),很简单的一个需求但是测试的时候并没有注意到不兼容IE7和IE8.在客户那被尴尬的发现 ...
- qbxt联赛集训d1t3
题意 给出一个长度为n的序列,求所有区间的区间最小值乘区间最大值的和.(n<=1e5) solution:
- bzoj2154: Crash的数字表格 莫比乌斯反演
题意:求\(\sum_{i=1}^n \sum_{j=1}^m\frac{i*j}{gcd(i,j)}\) 题解:\(ans=\sum_{i=1}^n\sum_{j=1}^m \frac{i*j}{g ...
- UVA-12304 Race(递推)
题目大意:求n个人比赛的所有可能的名次种数.比如:n=2时,有A第一B第二.B第一A第二.AB并列第一三种名次. 题目解析:既然是比赛,总有第一名.第一名的人数可能是i (1≤i≤n),则剩下待定的人 ...
- python 小练习 10
给你一个十进制数a,将它转换成b进制数,如果b>10,用大写字母表示(10用A表示,等等) a为32位整数,2 <= b <= 16 如a=3,b = 2, 则输出11 AC: di ...
- Awk 从入门到放弃 (8) 动作总结之三
awk continue 语句 awk exit 语句 awk if 语句 awk next 语句 awk break 语句
- SQL Server 自动化运维系列 - 多服务器数据收集和性能监控
需求描述 在生产环境中,很多情况下需要采集数据,用以定位问题或者形成基线. 关于SQL Server中的数据采集有着很多种的解决思路,可以采用Trace.Profile.SQLdiag.扩展事件等诸多 ...
- .Net在线编辑器:KindEditor及CkEditor+CkFinder配置说明
Net在线编辑器:KindEditor及CkEditor+CkFinder配置说明 一.KindEditor(免费) KindEditor是一套开源的HTML可视化编辑器,主要用于让用户在网站上获得所 ...
- ssh的配置,ssh打开密钥登陆,关闭密码登陆。
刚装玩fedora,那么我们就以fedora为例来说一下怎么配置: 1.先确认是否已安装ssh服务: [root@localhost ~]# rpm -qa | grep openssh-server ...
- Maven Spring BOM (bill of materials)
为了防止用Maven管理Spring项目时,不同的项目依赖了不同版本的Spring,可以使用Maven BOM来解决者一问题. 在依赖管理时,引入spring-framework-bom,如: < ...