Comments on: cross-site xmlhttprequest with CORS

By: 5 years of Firefox at hacks.mozilla.org

5 years of Firefox at hacks.mozilla.org — Mon, 09 Nov 2009 09:53:16 +0000

[...] One thing that’s become obvious over the last five years is the wide gap that’s emerging between the field of modern browsers – Firefox, Safari, Opera and Chrome – with the world’s most popular browser – IE. The modern browser is built for the future of web applications – super fast JavaScript, modern CSS, HTML5, support for the various web-apps standards, downloadable font support, offline application support, raw graphics through canvas and WebGL, native video, advanced XHR capabilities mixed with new security tools and network capabilities. [...]

By: Xiaoxin

Xiaoxin — Mon, 31 Aug 2009 16:01:43 +0000

Tested CORS with Chrome and it works however xhr.withCredentials always comes back undefined making this feature detection method unrealiable. Tested on Chrome 2.0.172.43.

By: Chris B. – idéias e pensamentos » XMLHttpRequest cross-site: mais uma vez o IE fora do padrão

Thu, 27 Aug 2009 21:31:41 +0000

[...] não é falar da implementação em si, até porque eu não conseguiri escrever nada melhor do que foi escrito pelo hacks.mozilla, mas sim falar que novamente a Microsoft atrapalha os padrões (aliás, vejam com cuidado esse post [...]

By: securitybananas.com » XMLHTTPReqest “Ping” Sweeping in Firefox 3.5+

securitybananas.com » XMLHTTPReqest “Ping” Sweeping in Firefox 3.5+ — Mon, 20 Jul 2009 19:07:43 +0000

[...] brought my attention to the new Firefox 3.5+ CORS (Cross-Origin Resource Sharing) which is a way to do a cross domain XMLHTTPReqest. Does that sound scary? Well, it is, but [...]

By: El Blog Mojaina » Ajax cross-domain con Safari 4, Google Chrome 2 y Firefox 3.5

Thu, 09 Jul 2009 09:54:22 +0000

[...] permitiendo una mejor integración entre servicios online. Safari4, Google Chrome 2 y ahora Firefox 3.5, ya implementan dicha mejora y nos permite trabajar con ella. Por otro lado Microsoft, en otro mundo, desarrolla XDomainRequest() que permite realizar [...]

By: Ajax cross-domain con Safari 4, Google Chrome 2 y Firefox 3.5 : Blogografia

Ajax cross-domain con Safari 4, Google Chrome 2 y Firefox 3.5 : Blogografia — Thu, 09 Jul 2009 07:01:12 +0000

[...] Google Chrome 2 y ahora Firefox 3.5, ya implementan dicha mejora y nos permite trabajar con ella. Por otro lado Microsoft, en otro mundo, desarrolla XDomainRequest() que permite realizar [...]

By: Ajax cross-domain con Mozilla 3.5 y Safari 4 : Blogografia

Ajax cross-domain con Mozilla 3.5 y Safari 4 : Blogografia — Thu, 09 Jul 2009 06:20:30 +0000

[...] y ahora Firefox 3.5, ya implementan dicha mejora y nos permite trabajar con ella. Por otro lado Microsoft, en otro mundo, desarrolla XDomainRequest() que permite realizar [...]

By: Ajax cross-domain con Mozilla 3.5 y Safari 4 | aNieto2K

Ajax cross-domain con Mozilla 3.5 y Safari 4 | aNieto2K — Thu, 09 Jul 2009 06:06:28 +0000

[...] y ahora Firefox 3.5, ya implementan dicha mejora y nos permite trabajar con ella. Por otro lado Microsoft, en otro mundo, desarrolla XDomainRequest() que permite realizar [...]

By: links for 2009-07-08 | 小李贼

links for 2009-07-08 | 小李贼 — Wed, 08 Jul 2009 13:30:45 +0000

[...] cross-site xmlhttprequest with CORS 站点间的 xmlhttp 交互 (tags: javascript ajax) [...]

By: William Edney

William Edney — Tue, 07 Jul 2009 18:23:00 +0000

Arun -

One last message. In reducing this for a testcase for FF 3.5, I found an error in my previous test. FF 3.5 works fine. Haven’t tried this in IE8, yet

Thanks again for these helpful examples .

Cheers,

- Bill

By: William Edney

William Edney — Tue, 07 Jul 2009 17:53:03 +0000

Arun -

Did a bit more sussing of what’s going here.

1. I’m an idiot and only after posting did I figure out that your server wasn’t configured with ‘Access-Control-Allow-Origin: *’.

2. I found a test server that does:

http://rockstarapps.com/test.php.

3. Tested both FF 3.5 and Safari 4.X against that server. It turns out that Safari 4.X works properly, FF 3.5 does not. Off to Bugzilla…

Thanks!

Cheers,

- Bill

By: Arun Ranganathan

Arun Ranganathan — Tue, 07 Jul 2009 16:42:31 +0000

@FirefoxFanatic — no comment from Opera yet; the last public-facing message we got from an Opera engineer was: http://lists.w3.org/Archives/Public/public-webapps/2009AprJun/1223.html

By: Firefox Fanatic

Firefox Fanatic — Tue, 07 Jul 2009 15:35:21 +0000

So, Firefox 3.5, Safari 4, and Google Chrome 2 all support the CORS specification, while Internet Explorer 8 partially supports it with XDomainRequest. What about Opera? Is there any news on when they will support this functionality?

By: Arun Ranganathan

Arun Ranganathan — Tue, 07 Jul 2009 06:15:17 +0000

@Bill — good question What’s happening when you take the simple request and run it locally (from file:///) is that the value of the Origin header is now null (”Origin: null”). But, my server-side PHP script doesn’t handle a null Origin and thus doesn’t send back the right response.

@Jeff — yikes, good catch

By: Gen Kanai

Gen Kanai — Tue, 07 Jul 2009 03:55:24 +0000

@Jeff- thanks for the edit. Updated.

By: Jeff Walden

Jeff Walden — Tue, 07 Jul 2009 02:38:56 +0000

Typo: “Cross-Origin Resource Sharing”, not “request” sharing.

By: thinsoldier

thinsoldier — Tue, 07 Jul 2009 00:05:33 +0000

Been waiting all day an update!
thanks.

By: William Edney

William Edney — Mon, 06 Jul 2009 23:48:30 +0000

Arun -

Ok, so maybe I’m being an idiot and your server is only authorizing the domain that you’re calling from in your example and not ‘*’.

Hmmm…

Cheers,

- Bill

By: William Edney

William Edney — Mon, 06 Jul 2009 23:41:02 +0000

Arun -

Thanks for the excellent example. I grabbed the ‘Simple Example’ page, saved it to my file system, reloaded that page into another window using the ‘file:///’ URL and tried to invoke the cross-site query. This failed in both Firefox 3.5 (Mac) and Safari 4 (Mac).

Is there some reason this isn’t working? Given that the W3 defines ‘file:///’ URLs as a valid origin, this should work IMHO.

Cheers,

- Bill