Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > Javascript > XML HTTP Request Object Use With Cross-Domain Scripting

Reply
Thread Tools

XML HTTP Request Object Use With Cross-Domain Scripting

 
 
Winston Smith, American Patriot
Guest
Posts: n/a
 
      11-16-2011
[previously posted in mozilla.support.firefox, where one responder
recommended posting it to a low traffic group mozilla.dev.extensions]



I ran into an issue where my interactive web document presents a form to the
user, and the form processes the user input by making an HTTP request to a
server with a scientific database, that is NOT the same server that served
the interactive web document (this is apparently the cross-domain problem).

The Firefox browser does not alert the developer/user of this violation in a
helpful way. When one initializes the XmlHttpRequest object in the usual
way (calls to .open() method, calls to .setRequestHeader() method, then
finally the .send() method), the XmlHttpRequest.readyState attains a value
of 4 (the COMPLETE condition), but the XmlHttpRequest.status value is ZERO
instead of the expected 3-digit HTTP status value (preferably 200 in a
successfully completed HTTP request). In going through Google search
results to answer my "WTF is going on" question, the cross-domain security
issue came up. I then used IE9, and sure enough, it at least reported a
PERMISSION error at the call to the XmlHttpRequest.open() method.

I have two questions.

(1) Numerous methods of the XmlHttpRequest object do not return values to
indicate success (true) or failure (false) with respect to execution of the
method. The mechanism of informing the caller of an error in using the
method appears to be the throwing of exceptions, according to a "standard"
regarding the XmlHttpRequest object found at W3C. Thus to detect errors---
or rather exceptions---in the use of object methods, it is sensible to make
method calls in try/catch blocks (correct?). Like so:

try {
requestObject.open(method, url, isSetAsynchronous);
} catch (exception) {
if (console && console.log) // if Firebug is working
console.log("Exception raised @ open() method" +
" to XML HTTP Request object\n" + exception.toString());
else
alert("Exception raised @ open() method to" +
" XML HTTP Request object\n" + exception.toString());
}
try {
requestObject.setRequestHeader("Content-Type",
"application/x-www-form-urlencoded");
} catch (exception) {
// same use of Firebug console.log() or alert() as above
}

Curiously, whereas IE9 stopped at an .open() method call when it was NOT
wrapped in try/catch, it does not execute the catch block code that I can
see but instead steps through it (apparently executing the try block
statement successfully??) and then stops on the .setRequestHeader() method
call that follows it. When that gets wrapped in try/catch block, it then
steps over that to the next .setRequestHeader() call in the code again not
wrapped in try/catch and stops on that. Firefox, which did not adequately
note the exception anyway but still returns readyState == COMPLETE and
status == 0, does not run the catch block either.

(2) Even if I solve this problem above, it does not address the workarounds
to the cross-domain problem. HTTP clients should allow users to give
scripts permission to get around the cross-domain problem, as it seems they
did in the past. There is a lot of confusing information about workarounds
to the cross-domain problem with changing HTML versions it seems. Does
anyone know of the definitive resource or explanation on the use of the
XmlHttpRequest object and how to troubleshoot its use in development?
 
Reply With Quote
 
 
 
 
Denis McMahon
Guest
Posts: n/a
 
      11-16-2011
On Wed, 16 Nov 2011 15:51:02 +0000, Winston Smith, American Patriot wrote:

> (2) Even if I solve this problem above, it does not address the
> workarounds to the cross-domain problem.


The work around to the cross domain problem is easy. Use an
xtmlHTTPRequest request to your own server, and use curl on your server
to interrogate the other domain.

Rgds

Denis McMahon
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
urllib2.Request:: http Request sending successfully, but Responsecontains in valid data. nRk Python 1 02-12-2009 12:53 AM
examples on jibbering.com leave me unclear how XML HTTP Request object expects urls to look Jake Barnes Javascript 7 01-28-2006 03:25 PM
Using a Scripting Language as Your Scripting Language DaveInSidney Python 0 05-09-2005 03:13 AM
Python is the best and most popular general purpose scripting language; the universal scripting language Ron Stephens Python 23 04-12-2004 05:32 PM
Re: Accessing Request.InputStream / Request.BinaryRead *as the request is occuring*: How??? Brian Birtle ASP .Net 2 10-16-2003 02:11 PM



Advertisments