Welcome Sign in
Skip Navigation Links
Internet Explorer Developer Center
Click to Rate and Give Feedback
MSDN
MSDN Library
Web Development
Hosting and Reuse
MSHTML Reference
IHTMLXDomainRequest
IHTMLXDomainRequest Interface
New for Windows Internet Explorer 8
Note: This documentation is preliminary and is subject to change.

Implements cross-domain data requests between the browser and a server using the XDomainRequest object,and without server-to-server requests.

IHTMLXDomainRequest Members

abort The abort method terminates a pending IHTMLXDomainRequest::send.
onerror Gets or sets the method to handle the onerror event.
onload Gets or sets the method to handle the onload event.
onprogress Gets or sets the method to handle the onprogress event.
ontimeout Gets or sets the method to handle the ontimout event.
open Creates a connection with a domain's server.
responseText Contains the body of the response returned by the server.
send Transmits a data string to the server for processing.
timeout Gets or sets the value of the timeout property.

Remarks

Cross-domain requests require mutual consent between the webpage and the server. You can initiate a cross-domain request in your webpage by creating an XDomainRequest object off the window object, and opening a connection to a particular domain. The browser will request data from the domain's server by sending an "XDomainRequest: 1" header. It will only complete the connection if the server responds with an "XDomainRequestAllowed" header with the value "1" (for true). For example, a server's asp page may include the response header: "Response.AppendHeader("XDomainRequestAllowed","1");".

XDR requires a header to be returned by a server. Any server-side technology that supports adding response headers may be used.

Note   Security note: Cross-domain requests are anonymous to protect user data. This means that servers cannot easily determine who is requesting data. To protect user privacy, request and respond with cross domain data that is not sensitive or personally identifiable.
Note   Security note: We discourage intranet sites from making XDR data available to help prevent intranet data from being leaked to malicious Internet sites.

The protocols of the requesting page and serving page must match. For example, if you create a requesting web page on your desktop, which has the protocol file://, and it requests a connection with an HTTP:// server, the request will fail. Instead, create a requesting web page on a Microsoft Internet Information Server (IIS) server, which will have a protocol of http://.

Cross domain requests can only be sent and received from a web page to URLs in the following Internet Explorer zones:

From web page \ To URL Local Intranet Trusted(Intranet) Trusted(Internet) Internet Restricted
Local AllowAllowAllowAllowAllowDeny
Intranet Deny AllowAllowAllowAllowDeny
Trusted(Intranet) Deny AllowAllowAllowAllowDeny
Trusted(Internet) Deny Deny Deny AllowAllowDeny
Internet Deny Deny Deny AllowAllowDeny
Restricted Deny Deny Deny Deny Deny Deny

To use the XDR protocol, you first create an XDomainRequest object. Then you use the IHTMLXDomainRequest::open method to establish a connection with a domain's server. Once a connection is opened, the IHTMLXDomainRequest::send method transmits data strings to the server for processing. For example: 

  
// 1. Create XDR object 
xdr = new XDomainRequest(); 

// 2. Open connection with server using POST method
xdr.open("POST", "http://www.contoso.com/xdr.txt");

// 3. Send string data to server
xdr.send("data to be processed");     
                

      
<html>
<script type="text/javascript">
    var xdr;

    function readdata()
    {
        var dRes = document.getElementById('dResponse');
        dRes.innerText = xdr.responseText;
        alert("Content-type: " + xdr.contentType);
        alert("Length: " + xdr.responseText.length);
    }
    
    function err()
    {
        alert("XDR onerror");
    }
    function timeo()
    {
        alert("XDR ontimeout");
    }
    function loadd()
    {
        alert("XDR onload");
        alert("Got: " + xdr.responseText);
    }
    function progres()
    {
        alert("XDR onprogress");
        alert("Got: " + xdr.responseText);
    }

    function stopdata()
    {
        xdr.abort();
    }

    function mytest()
    {
        var url = document.getElementById('tbURL');
        var timeout = document.getElementById('tbTO');
        if (window.XDomainRequest)
        {
            xdr = new XDomainRequest();
            if (xdr)
            {
                xdr.onerror = err;
                xdr.ontimeout = timeo;
                xdr.onprogress = progres;
                xdr.onload = loadd;

                xdr.timeout = tbTO.value;
                xdr.open("get", tbURL.value);
                xdr.send();
            }
            else
            {
                alert('Failed to create');
            }
        }
        else
        {
            alert('XDR doesnt exist');
        }
    }
</script>
<body>
    XDomainRequest<br>
    <input type=text id=tbURL value='http://www.contoso.com/xdr.txt' style="width:300px"><br>
    <input type=text id=tbTO value='10000'><br>
    <input type=button onclick=mytest() value="Get">&nbsp;&nbsp;&nbsp;
    <input type=button onclick=stopdata() value="Stop">&nbsp;&nbsp;&nbsp;
    <input type=button onclick=readdata() value="Read">
    <br>
    <div id='dResponse'></div>
</body>
</html>

Background and overview information can be found in Better AJAX Development.

Interface Information

Stock Implementationmshtml.dll
Custom ImplementationNo
Inherits from IDispatch
Header and IDL filesmshtml.h, mshtml.idl
Minimum availabilityInternet Explorer 8
Minimum operating systems Windows XP SP2

See Also

XDomainRequest, Better AJAX Development
Tags What's this?: Add a tag
Community Content   What is Community Content?
Add new content RSS  Annotations
Processing
© 2008 Microsoft Corporation. All rights reserved. Terms of Use  |  Trademarks  |  Privacy Statement
Page view tracker