Cross-site Ajax in Firefox 3

John Resig has posted a good summary (including demo code) for how one might implement cross-site XMLHttpRequest calls, a feature currently implemented by the beta 2 release of Firefox 3.

In a nutshell, there are two techniques that you can use to achieve your desired cross-site-request result: specifying a special access-control header for your content, or including an access-control processing instruction in your XML.
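The header technique puts the access decision on the server that owns the content. The sketch below is an added example, not code from John Resig's post or from Mozilla: it uses the `Access-Control-Allow-Origin` response header that CORS later standardized rather than the draft syntax of the Firefox 3 beta, and `ALLOWED_ORIGINS`, `accessControlHeaders` and the origins are hypothetical.

```javascript
// Added example: decide per request whether a cross-site page may read the response.
// ALLOWED_ORIGINS and accessControlHeaders are hypothetical names; the origins
// are constructed sample values.
const ALLOWED_ORIGINS = new Set([
  "https://app.example.com",
  "https://partner.example.net",
]);

function accessControlHeaders(requestOrigin, { withCredentials = false } = {}) {
  // Always vary on Origin so a shared cache never replays one origin's grant
  // to a different origin.
  const headers = { Vary: "Origin" };

  // No Origin header: same-origin or non-browser request, nothing to grant.
  if (typeof requestOrigin !== "string" || requestOrigin === "") return headers;

  // Sandboxed iframes and file:// pages send the literal string "null";
  // granting it would admit any such document.
  if (requestOrigin === "null") return headers;

  let parsed;
  try {
    parsed = new URL(requestOrigin);
  } catch {
    return headers; // not a parseable origin
  }

  // Exact match on the serialized origin: no substring, suffix or regex
  // matching, so "https://app.example.com.attacker.test" is refused.
  if (parsed.origin !== requestOrigin || !ALLOWED_ORIGINS.has(parsed.origin)) {
    return headers;
  }

  // Echo the single matching origin instead of "*", which browsers refuse
  // to combine with credentials.
  headers["Access-Control-Allow-Origin"] = parsed.origin;
  if (withCredentials) headers["Access-Control-Allow-Credentials"] = "true";
  return headers;
}
```

The header only controls whether the calling page may read the response; the request itself still reaches the server, so state-changing endpoints need their own authorization checks.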

What’s particularly exciting is the code that is required to take advantage of this feature. For example, to request an HTML file from a remote domain, you might do the following (you’ll need to download Firefox 3 first, of course):

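    var xhr = new XMLHttpRequest();
    xhr.onreadystatechange = function() {
      // readyState 4: the request has completed
      if ( xhr.readyState == 4 ) {
        if ( xhr.status == 200 ) {
          // The remote response is inserted as HTML, so the page trusts
          // whatever markup the other site returns.
          document.body.innerHTML = "And the winner is... " + xhr.responseText;
        } else {
          document.body.innerHTML = "ERROR";
        }
      }
    };
    // Second argument: the absolute URL on the remote domain (left empty here)
    xhr.open("GET", "", true);
    xhr.send(null);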

Look familiar? Aside from the inclusion of the domain in the URL parameter of the open function, this code is identical to the standard Ajax calls that you are probably already making.

Of course, whether cross-site Ajax requests are a Bad Thing or not is a debate that will no doubt rage for years up until enough browsers support the functionality for it to be actually useful. Once we reach that point, it’s my bet that a whole world of new mashups, apps and other services will open up (and, yes, people who don’t understand it will no doubt do stupid things with it, as they did when Ajax became the new hotness a couple of years ago).

Read the official documentation on the Mozilla Development Center for more information (and maybe check out the documentation for some of the other features to come while you’re there).


Category: javascript Time: 2008-01-15 Views: 1
