Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How does this Cross Domain ajax request work?

Tags:

javascript

ajax

xmlhttprequest

cross-domain

I'm looking at this question and in it is a link to http://hacks.mozilla.org/2011/03/the-shortest-image-uploader-ever/ which has the following code:

var fd = new FormData();
fd.append("image", file); // Append the file
fd.append("key", "6528448c258cff474ca9701c5bab6927");
// Get your own key: http://api.imgur.com/

// Create the XHR (Cross-Domain XHR FTW!!!)
var xhr = new XMLHttpRequest();
xhr.open("POST", "http://api.imgur.com/2/upload.json"); // Boooom!
xhr.onload = function() {
    // Big win!
    // The URL of the image is:
    JSON.parse(xhr.responseText).upload.links.imgur_page;
 }
 // Ok, I don't handle the errors. An exercice for the reader.
 // And now, we send the formdata
 xhr.send(fd);

How does this cross domain request work? I thought as a rule there are security restrictions that stop people from doing just this.

like image 845
qwertymk Avatar asked Jan 08 '12 04:01

qwertymk

2 Answers

The server is reponding with the Access-Control-Allow-Origin set to allow cross domain requests

Response Headers
Access-Control-Allow-Origin: *  
Cache-Control   max-age=604800
Connection  keep-alive
Content-Length  494
Content-Type    application/json

http://www.w3.org/TR/cors/#access-control-allow-origin-response-hea

http://hacks.mozilla.org/2009/07/cross-site-xmlhttprequest-with-cors

like image 63
Nate Bolam Avatar answered Nov 02 '22 22:11

Nate Bolam

Imgur implements Cross-Origin Resource Sharing (CORS).

The CORS standard works by adding new HTTP headers that allow servers to serve resources to permitted origin domains. Browsers support these headers and enforce the restrictions they establish. Additionally, for HTTP request methods that can cause side-effects on user data (in particular, for HTTP methods other than GET, or for POST usage with certain MIME types), the specification mandates that browsers “preflight” the request, soliciting supported methods from the server with an HTTP OPTIONS request header, and then, upon “approval” from the server, sending the actual request with the actual HTTP request method. Servers can also notify clients whether “credentials” (including Cookies and HTTP Authentication data) should be sent with requests.

See http://hacks.mozilla.org/2009/07/cross-site-xmlhttprequest-with-cors/ for more information.

like image 41
Michelle Tilley Avatar answered Nov 02 '22 22:11

Michelle Tilley
Sign in to Comment

Related questions

How does GitHub to avoid lag / blink on page loading?
HTML5 Canvas filltext and font-face
Chrome History API problems
How can I mirror a Multidimmensional array in javascript?
JSON with function value with parameters
Examples of JavaScript RIAs with unit tests
Detect FN-Key on Mac using Javascript
Set a callback function inside a javascript class
Send MVC actionresult to printer
Liferay <liferay-ui:input-date> control
Having issues sending ® character through AJAX request
How to get configuration options programmatically?
Hide block (and remember it) with JavaScript and cookies?
what is the best way to determine a DIV's height before visible on the webpage?
Creating a start screen for a HTML5 Canvas Game?
window.onload function issue
Differences in regex patterns between JavaScript and Java?
JSON.Stringify() on big numbers alters the numeric value?
Waiting animation with html5 canvas
What is the best way to test javascript?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!