Connecting Tech Pros Worldwide Forums | Help | Site Map
bytes > topic > javascript > answers

Which domain for XMLHttpRequest?

virtuPIC
Guest
  
Posts: n/a
#1: Oct 16 '06
Assume you want to provide functionality in JavaScript file 'f.js' to
be used by tag

<script src="f.js"></script>

Now 'f.js' contains XMLHttpRequest. If you use relative URL when
calling its method 'open' which domain does it access? If you use
absolute URL which domain is allowed?

I need that access is to the domain there 'f.js' rests. My browsers
(Firefox 1.5.0.7 and MSIE 6.0.2900...) consider the user's domain where
you find the script-tag the current one.

Tried to find articles covering this issue here - but couldn't find
any. However, Google Maps API seems to use this feature for geocoding.

virtuPIC

Leo Meyer
Guest
  
Posts: n/a
#2: Oct 16 '06

re: Which domain for XMLHttpRequest?

Now 'f.js' contains XMLHttpRequest. If you use relative URL when
Quote:
calling its method 'open' which domain does it access? If you use
absolute URL which domain is allowed?
According to my experience, browsers use the "same origin policy" to
determine which AJAX requests are allowed.
Google will tell you everything.

Regards,
Leo
Tom Cole
Guest
  
Posts: n/a
#3: Oct 16 '06

re: Which domain for XMLHttpRequest?


Leo Meyer wrote:
Quote:
Quote:
Now 'f.js' contains XMLHttpRequest. If you use relative URL when
calling its method 'open' which domain does it access? If you use
absolute URL which domain is allowed?
>
According to my experience, browsers use the "same origin policy" to
determine which AJAX requests are allowed.
Google will tell you everything.
Yes it's going to assume relative to the document that imported the
library, not the library's location. Remember it gets pulled and
processed in the client and is therefore going to use the document's
location when determining relative URLs.

If you hardcode the URL that's okay as long as it doesn't try to cross
domains from the one in the document.location.
Quote:
>
Regards,
Leo
virtuPIC
Guest
  
Posts: n/a
#4: Oct 16 '06

re: Which domain for XMLHttpRequest?

Yes it's going to assume relative to the document that imported the
Quote:
library, not the library's location. Remember it gets pulled and
processed in the client and is therefore going to use the document's
location when determining relative URLs.
>
If you hardcode the URL that's okay as long as it doesn't try to cross
domains from the one in the document.location.
Yes, I agree. However, there must be some solution. Google Maps API
provides geocoding using AJAX. Have a look at

http://www.google.com/apis/maps/docu...ClientGeocoder

I tried to find out, but Google Maps JavaScript is too obfuscated for
my taste. It uses XMLHttpRequest to access some URL different from
document.location of the file using the API. How does it work?

To make it run soon I will implement some connection using an invisible
IFRAME, but that won't be final.

Any help appreciated.
virtuPIC
VK
Guest
  
Posts: n/a
#5: Oct 16 '06

re: Which domain for XMLHttpRequest?

Have a look at
Quote:
>
http://www.google.com/apis/maps/docu...ClientGeocoder
>
I tried to find out, but Google Maps JavaScript is too obfuscated for
my taste. It uses XMLHttpRequest to access some URL different from
document.location of the file using the API. How does it work?
That is not about document.location to be the same. It must be the same
domain, where "domain" in the cross-domain issue means:

http://www.server.com
or
http://www:1234.server.com
so:
[protocol] [subdomain(s)] [port] [domain] [high-level domain]

where all parts must be the same (or equally not presented). After that
you can have as many differences as you want, but the smallest
difference in any of above parts will trig the cross-domain block (in
default security environment).

In this aspect Google is in the same sorry situation as anyone else, so
if their ajaxoid works across domains than:

1) They are using some sross-browser vulnerability exploit in
IXMLHTTPRequest / XMLHttpRequest object (highly unlickly).

2) They are using standard server-side workarounds for cross-domain
lock (the latter over the last two years became an annoing bug to fix
in each solution, rather than a security mesure of any kind).
aka@aka-fotos.de
Guest
  
Posts: n/a
#6: Oct 16 '06

re: Which domain for XMLHttpRequest?

The only way is to use a workaround - a serverside program that reads
the external file, php for example. If you are interested I will send
you a php file which I wrote to make external requests via Iframe or
XMLHttpRequest.

Andi
BinnyVA
Guest
  
Posts: n/a
#7: Oct 17 '06

re: Which domain for XMLHttpRequest?

The only way is to use a workaround - a serverside program that reads
Quote:
the external file, php for example. If you are interested I will send
you a php file which I wrote to make external requests via Iframe or
XMLHttpRequest.
This is the most dependable method - it is guaranteed to work. However
there are other methods too...

Using a hidden IFrame to load the external data.
http://manual.dojotoolkit.org/WikiHo...DotBook/Book75

Using Flash's cross domain capabilities.

Calling a JS file from an external site - as used in Cow
Ajax(http://cows-ajax.sourceforge.net/)

W3C recommendation for Cross-Domain XHR...
http://lists.w3.org/Archives/Public/...i/2006Jun/0012

--
Binny V A
http://www.openjs.com/ - JavaScript Opened
Touffy
Guest
  
Posts: n/a
#8: Oct 17 '06

re: Which domain for XMLHttpRequest?

virtuPIC said:
Quote:
Yes, I agree. However, there must be some solution. Google Maps API
provides geocoding using AJAX. Have a look at
>
http://www.google.com/apis/maps/docu...ClientGeocoder
>
I tried to find out, but Google Maps JavaScript is too obfuscated for
my taste. It uses XMLHttpRequest to access some URL different from
document.location of the file using the API. How does it work?
>
To make it run soon I will implement some connection using an invisible
IFRAME, but that won't be final.
In fact, that's just what Google Maps does. They don't load the XML
directly with XMLHttpRequest, they wrap it inside an IFRAME's document,
and they reload that IFRAME.

Using just any method (SOAP, invisible IFRAME...) to retrieve XML
without reloading the page is, litterally, asynchronous JavaScript and
XML.
Therefore AJAX != XMLHttpRequest


--
David Junger
virtuPIC
Guest
  
Posts: n/a
#9: Oct 18 '06

re: Which domain for XMLHttpRequest?

Many thanks to all of you answering my question! In parallel, I found a
web page explaining different options:
http://www.xml.com/pub/a/2005/11/09/...html?page=last

I'll use on-demand JavaScript for which you can find a code sample on
the xml.com-page.

Again, thank you very much!
virtuPIC
Closed Thread

« previous question | next question »

Similar JavaScript / Ajax / DHTML bytes

/bytes/development

/bytes/it

Forums
Visit our community forums for general discussions and latest on Bytes

Our staff and community areas have moved to bytes.com/forums/

/bytes/about

We are a network of experts and professionals in IT and software development that help one another with answers to tough questions and share insights. Get the best answers to your questions from over 226,449 network members.

dev questions:
algorithms | asp | asp.net | c/c++ | coldfusion | c# | flash | html/css | java | javascript |
mobile dev | .net | perl | php | python | ruby | software dev | vb.net | visual basic | xml
it questions:
access | apache | careers | db2 | iis | macosx | mysql | networking | oracle | postgresql | sql server | unix | windows

About Bytes | Copyright 1995-2009 BYTES. All rights Reserved