I am very confused with the XMLHttpRequest and the XDomainRequest reincarnation and would like some help. So here are my findings:
This list is by no means complete and as I said it is based on my findings. However, here is where the confusion starts. I have an application where via Ajax I must:
Now for all the above reasons I cannot do this with the XDomainRequest:
Nevertheless, if in IE8 and IE9 I instantiate an XMLHttpRequest disregarding all these checks described here, all is working fine!!! OK, I do not get the onload event and I am not sure what the story is with the "withcredentials", but IE8 and IE9 seem to have no problem using the XMLHttpRequest for cross domain. But why? Aren't all these contradictory? I am just trying to make some sense of this issue as I am afraid that using the XMLHttpRequest in IE8 and IE9 may come back and bite at some point. Could I ask for a clear example when someone can use the one and not the other? Even better, was there ever any update to IE8 and IE9 that addressed the problem?
Any help will be greatly appreciated.
Yiannis
First note this:
IE11 deprecates the XDomainRequest object and it is not available in IE11 Edge mode.
1) What is XDomainRequest and why does IE have this object? Several years ago, when the XMLHTTPRequest 2 spec was being developed by the W3C, all browsers built level 2 over XMLHTTPRequest level 1; Microsoft created the XDomainRequest. So XDomainRequest is not a subclass; it is a non-standard IE feature.
2) Yes, XDomainRequest lacks the "withCredentials". Because:
In order to prevent misuse of the user’s ambient authority (e.g. cookies, HTTP credentials, client certificates, etc), the request will be stripped of cookies and credentials and will ignore any authentication challenges or Set-Cookie directives in the HTTP response. XDomainRequests will not be sent on previously-authenticated connections, because some Windows authentication protocols (e.g. NTLM/Kerberos) are per-connection-based rather than per-request-based.
4)
As of 2014, XDomainRequest doesn't appear to send any Content-Type header at all. It's not clear to me when this changed.
And etc. And so on... I post this answer just for history.
Do not use XDomainRequest. This is an ugly & bugly non-standard feature.
More info here:
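The question asks when one object can be used and not the other. The following is an added example, not code from the question or the answer: it detects whether the browser's XMLHttpRequest is CORS-capable and, if not, lists why a given request cannot go through XDomainRequest. The names `pickTransport` and `detectEnv` and the `req`/`env` shapes are hypothetical; the GET/POST-only, no-custom-header and same-scheme checks come from Microsoft's documented XDomainRequest restrictions rather than from this page.

```javascript
// Added example (not from the thread). pickTransport, detectEnv and the
// req/env shapes are hypothetical. ES3 syntax so it parses in IE8.
function pickTransport(req, env) {
  var reasons = [], method = (req.method || 'GET').toUpperCase(), name;
  // An XHR that exposes withCredentials is a level 2 (CORS-capable) object.
  if (env.hasCorsXhr) { return { transport: 'XMLHttpRequest', reasons: reasons }; }
  if (!env.hasXdr) { reasons.push('no XDomainRequest object'); }
  if (req.withCredentials) {
    reasons.push('cookies and credentials are stripped from the request');
  }
  if (method !== 'GET' && method !== 'POST') {
    reasons.push('only GET and POST are supported');
  }
  for (name in (req.headers || {})) {
    if (Object.prototype.hasOwnProperty.call(req.headers, name)) {
      reasons.push('custom header cannot be sent: ' + name);
    }
  }
  if (req.contentType && !/^text\/plain\b/i.test(req.contentType)) {
    reasons.push('body cannot be labelled ' + req.contentType);
  }
  var scheme = /^([a-z][a-z0-9+.\-]*:)/i.exec(req.url);
  if (scheme && scheme[1].toLowerCase() !== env.pageProtocol) {
    reasons.push('target scheme must match the page (' + env.pageProtocol + ')');
  }
  return { transport: reasons.length ? null : 'XDomainRequest', reasons: reasons };
}

// Feature detection against a window-like object (pass `window` in a browser).
function detectEnv(win) {
  var hasXhr = typeof win.XMLHttpRequest !== 'undefined';
  return {
    pageProtocol: win.location ? win.location.protocol : '',
    hasCorsXhr: hasXhr && 'withCredentials' in new win.XMLHttpRequest(),
    hasXdr: typeof win.XDomainRequest !== 'undefined'
  };
}
```

A `transport` of `null` means the request needs a capability that XDomainRequest deliberately withholds, so the application has to change the request or the server contract instead of switching objects.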