{{non-standard_header}}
Summary
XDomainRequest is an implementation of HTTP access control (CORS) that worked in Internet Explorer 8 and 9. It was removed in Internet Explorer 10 in favor of using XMLHttpRequest with proper CORS.
This interface can send both GET and POST requests.
Syntax
var xdr = new XDomainRequest();
Returns a new XDomainRequest object, which can then be used to make and manage these requests.
Properties
- {{domxref("XDomainRequest.timeout")}}
- Gets or sets the amount of time until a request times out.
- {{domxref("XDomainRequest.responseText")}}
- Gets the response body as a string.
Methods
- {{domxref("XDomainRequest.open")}}
- Opens the request, specifying the method (GET/POST) and URL.
- {{domxref("XDomainRequest.send")}}
- Sends the request. POST data is specified in this method.
- {{domxref("XDomainRequest.abort")}}
- Aborts the request.
Event handlers
- {{domxref("XDomainRequest.onprogress")}}
- A handler for when the request has made progress between the send method call and the onload event.
- {{domxref("XDomainRequest.ontimeout")}}
- A handler for when the request times out.
- {{domxref("XDomainRequest.onerror")}}
- A handler for when a request has errored.
- {{domxref("XDomainRequest.onload")}}
- A handler for when the full response has been received from the server.
Example
if (window.XDomainRequest) {
  var xdr = new XDomainRequest();
  xdr.open("get", "https://example.com/api/method");
  xdr.onprogress = function () {
    // Progress
  };
  xdr.ontimeout = function () {
    // Timeout
  };
  xdr.onerror = function () {
    // Error occurred
  };
  xdr.onload = function () {
    // success(xdr.responseText);
  };
  // Defer send() so that concurrent requests are not lost (see the note below)
  setTimeout(function () {
    xdr.send();
  }, 0);
}
Note: The xdr.send() call is wrapped in a timeout (see {{domxref("window.setTimeout()")}}) to prevent an issue with the interface where some requests are lost if multiple XDomainRequests are being sent at the same time.
Security
The XDomainRequest is built to be secure in multiple ways.
- The origin's security protocol must match that of the requested URL (http to http, https to https). If these do not match, the request will error with "Access is Denied".
- The requested URL's server must have the Access-Control-Allow-Origin header set to either all ("*") or to include the origin of the request.
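The two checks above, modelled as a function for testing a server's response headers against a given page. This is an added example, not part of the original page. The function names, the reason strings other than "Access is Denied", and the app.example / api.example hosts are assumptions, and "include the origin" is treated here as an exact origin match.

```javascript
// Added example (not the original page's code). Names and hosts are assumptions.

// Serialise an origin string; returns null if it is not a valid URL.
function originOf(value) {
  try {
    return new URL(value).origin;
  } catch (e) {
    return null;
  }
}

// Header names are case-insensitive, so look the header up accordingly.
function getHeader(headers, name) {
  var wanted = name.toLowerCase();
  for (var key in headers) {
    if (key.toLowerCase() === wanted) return String(headers[key]).trim();
  }
  return null;
}

// Apply both checks from the Security section, in order.
function evaluateXdr(pageUrl, targetUrl, responseHeaders) {
  var page, target;
  try {
    page = new URL(pageUrl);
    target = new URL(targetUrl);
  } catch (e) {
    return { allowed: false, reason: "invalid URL" };
  }
  // Check 1: http to http, https to https.
  if (page.protocol !== target.protocol) {
    return { allowed: false, reason: "Access is Denied" };
  }
  // Check 2: Access-Control-Allow-Origin is "*" or the requesting origin.
  var acao = getHeader(responseHeaders, "Access-Control-Allow-Origin");
  if (acao === null) {
    return { allowed: false, reason: "no Access-Control-Allow-Origin header" };
  }
  // Exact origin comparison, so a look-alike host does not pass.
  if (acao === "*" || originOf(acao) === page.origin) {
    return { allowed: true, reason: "ok" };
  }
  return { allowed: false, reason: "origin not allowed" };
}
```

Comparing serialised origins rather than string prefixes means a header value such as https://app.example.evil.test does not satisfy a page at https://app.example.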
Specification
This interface and its methods are non-standard.
Browser compatibility
{{ CompatibilityTable() }}
Feature | Chrome | Firefox (Gecko) | Internet Explorer | Opera | Safari |
---|---|---|---|---|---|
XDomainRequest | {{ CompatNo() }} | {{ CompatNo() }} | 8.0-9.x | {{ CompatNo() }} | {{ CompatNo() }} |
Feature | Android | Firefox Mobile (Gecko) | IE Mobile | Opera Mobile | Safari Mobile |
---|---|---|---|---|---|
XDomainRequest | {{ CompatNo() }} | {{ CompatNo() }} | {{ CompatUnknown() }} | {{ CompatNo() }} | {{ CompatNo() }} |