Home > Developer > Web Develop

AJAX (XMLHttpRequest) cross-domain request method in detail (ii)

Source: Internet
Author: User
Tags dotnet
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Note: The following code should be tested in Firefox 3.5, Chrome 3.0, and Safari 4 versions. The implementation of IE8 is different from other browsing methods.

2, pre-test request

The preflight request first needs to send an HTTP OPTIONS request header to the resource of another domain name in order to determine whether the actual sent request is secure. The following 2 scenarios require a preflight:
A, not a simple request above, such as a POST request using Content-type for Application/xml or Text/xml
b, set the custom header in the request, such as X-json, X-mengxianhui, etc.

Note: In IIS, you must configure the action of the. aspx extension in the application extensions to allow OPTIONS.

Below we give a preflight request:

[XHTML]View Plaincopy
  2. <! DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 transitional//en"
  4. "Http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  6. <HTML xmlns="http://www.w3.org/1999/xhtml">
  8. <head>
  10. <title> dimant Ajax cross-domain request test </title>
  12. </head>
  14. <body>
  16. <input type=' button ' value=' Start testing ' onclick=' crossdomainrequest () ' />
  18. <div id="Content"></div>
  20. <mce:script type="Text/javascript"><!--
  22. var xhr = new XMLHttpRequest ();
  24. var url = ' http://dotnet.aspx.cc/PreflightedRequests.aspx ';
  26. function Crossdomainrequest () {
  28. document.getElementById ("Content"). InnerHTML = "Start request ...";
  30. if (XHR) {
  32. var xml = "<root> test </root>";
  34. Xhr.open (' POST ', url, true);
  36. Xhr.setrequestheader ("Powered-by-mengxianhui", "Approve");
  38. Xhr.setrequestheader ("Content-type", "Application/xml");
  40. Xhr.onreadystatechange = handler;
  42. Xhr.send (XML);
  44. } else {
  46. document.getElementById ("Content"). InnerHTML = "Cannot create XMLHttpRequest.  ";
  48. }
  50. }
  52. function Handler (EVTXHR) {
  54. if (xhr.readystate = = 4) {
  56. if (xhr.status = =) {
  58. var response = Xhr.responsetext;
  60. document.getElementById ("Content"). InnerHTML = "Result:" + response;
  62. } else {
  64. document.getElementById ("Content"). InnerHTML = "cannot be accessed across.  ";
  66. }
  68. }
  70. else {
  72. document.getElementById ("Content"). InnerHTML + = "<br/> Execution Status readyState:" + xhr.readystate;
  74. }
  76. }
  78. --></mce:script>
  80. </body>
  82. </html>

In the example above we send data in XML format, and send a nonstandard HTTP header Powered-by-mengxianhui to explain how the server side should set the response header.

On the server side, the contents of preflightedrequests.aspx are as follows:

[XHTML]View Plaincopy
  2. <%@ page language="C #"%>
  4. <mce:script runat="Server"><!--
  6. protected void Page_Load (object sender, EventArgs e)
  8. {
  10. if (Request.HttpMethod.Equals ("GET"))
  12. {
  14. Response.Write ("This page is used to test cross-domain POST requests, direct browsing is of little significance.") ");
  16. }
  18. else if (Request.HttpMethod.Equals ("Options"))
  20. {
  22. Notifies the client that a preflight request is allowed. and set the cache time
  24. Response.clearcontent ();
  26. Response.AddHeader ("Access-control-allow-origin", "http://www.meng_xian_hui.com:801");
  28. Response.AddHeader ("Access-control-allow-methods", "POST, GET, OPTIONS");
  30. Response.AddHeader ("Access-control-allow-headers", "Powered-by-mengxianhui");
  32. Response.AddHeader ("Access-control-max-age", "30");
  34. This procedure does not need to return data
  36. Response.End ();
  38. }
  40. else if (Request.HttpMethod.Equals ("POST"))
  42. {
  44. if (request.headers["Origin"]. Equals ("http://www.meng_xian_hui.com:801"))
  46. {
  48. System.Xml.XmlDocument doc = new System.Xml.XmlDocument ();
  50. Doc. Load (Request.inputstream);
  52. Response.AddHeader ("Access-control-allow-origin", "http://www.meng_xian_hui.com:801");
  54. Response.Write ("The data you submitted is:<br/><br/>" + Server.HTMLEncode (DOC).  OuterXml));
  56. }
  58. Else
  60. {
  62. Response.Write ("Do not allow your site to be requested. ");
  64. }
  66. }
  68. }
  70. --></mce:script>

Click the "Start Test" button and the following series of requests will be executed.

[XHTML]View Plaincopy
  2. Options/preflightedrequests.aspx http/1.1
  4. Host:dotnet.aspx.cc
  6. user-agent:mozilla/5.0 (Windows; U Windows NT 5.2; ZH-CN; rv:1.9.1.7) gecko/20091221 firefox/3.5.7 (. NET CLR 3.5.30729)
  8. Accept:text/html,application/xhtml+xml,application/xml; q=0.9,*/*; q=0.8
  10. Accept-language:zh-cn,zh; q=0.5
  12. Accept-encoding:gzip,deflate
  14. Accept-charset:gb2312,utf-8; q=0.7,*; q=0.7
  16. keep-alive:300
  18. Connection:keep-alive
  20. origin:http://www.meng_xian_hui.com:801
  22. Access-control-request-method:post
  24. Access-control-request-headers:powered-by-mengxianhui
  26. http/1.x OK
  28. Date:sun, 14:00:34 GMT
  30. server:microsoft-iis/6.0
  32. X-powered-by:asp.net
  34. x-aspnet-version:2.0.50727
  36. access-control-allow-origin:http://www.meng_xian_hui.com:801
  38. Access-control-allow-methods:post, GET, OPTIONS
  40. Access-control-allow-headers:powered-by-mengxianhui
  42. Access-control-max-age:30
  44. Set-cookie: asp.net_sessionid=5npqri55dl1k1zvij1tlw3re; path=/; HttpOnly
  46. Cache-control:private
  48. content-length:0
  50. Post/preflightedrequests.aspx http/1.1
  52. Host:dotnet.aspx.cc
  54. user-agent:mozilla/5.0 (Windows; U Windows NT 5.2; ZH-CN; rv:1.9.1.7) gecko/20091221 firefox/3.5.7 (. NET CLR 3.5.30729)
  56. Accept:text/html,application/xhtml+xml,application/xml; q=0.9,*/*; q=0.8
  58. Accept-language:zh-cn,zh; q=0.5
  60. Accept-encoding:gzip,deflate
  62. Accept-charset:gb2312,utf-8; q=0.7,*; q=0.7
  64. keep-alive:300
  66. Connection:keep-alive
  68. Powered-by-mengxianhui:approve
  70. Content-type:application/xml; charset=UTF-8
  72. Referer:http://www.meng_xian_hui.com:801/crossdomainajax/preflightedrequests.html
  74. Content-length:19
  76. origin:http://www.meng_xian_hui.com:801
  78. Pragma:no-cache
  80. Cache-control:no-cache
  82. <root> Test </root>
  84. http/1.x OK
  86. Date:sun, 14:00:34 GMT
  88. server:microsoft-iis/6.0
  90. X-powered-by:asp.net
  92. x-aspnet-version:2.0.50727
  94. access-control-allow-origin:http://www.meng_xian_hui.com:801
  96. Set-cookie: asp.net_sessionid=byvose45zmtbqy45d2a1jf2i; path=/; HttpOnly
  98. Cache-control:private
  100. content-type:text/html; charset=utf-8
  102. Content-length:65

The above code reflects the execution of the preflight request: First, the OPTIONS request header is sent to the server to consult the server for more information to prepare for subsequent real requests. such as whether the POST method is supported. It is worth noting that:

The browser also sends Access-control-request-method:post and Access-control-request-headers:powered-by-mengxianhui request headers.

Note: The above process is the first time the process of the request, if within 30 seconds repeatedly click the button, you can not see the OPTIONS this process. The execution process is this:

[XHTML]View Plaincopy
  2. Post/preflightedrequests.aspx http/1.1
  4. Host:dotnet.aspx.cc
  6. user-agent:mozilla/5.0 (Windows; U Windows NT 5.2; ZH-CN; rv:1.9.1.7) gecko/20091221 firefox/3.5.7 (. NET CLR 3.5.30729)
  8. Accept:text/html,application/xhtml+xml,application/xml; q=0.9,*/*; q=0.8
  10. Accept-language:zh-cn,zh; q=0.5
  12. Accept-encoding:gzip,deflate
  14. Accept-charset:gb2312,utf-8; q=0.7,*; q=0.7
  16. keep-alive:300
  18. Connection:keep-alive
  20. Powered-by-mengxianhui:approve
  22. Content-type:application/xml; charset=UTF-8
  24. Referer:http://www.meng_xian_hui.com:801/crossdomainajax/preflightedrequests.html
  26. Content-length:19
  28. origin:http://www.meng_xian_hui.com:801
  30. Pragma:no-cache
  32. Cache-control:no-cache
  34. <root> Test </root>
  36. http/1.x OK
  38. Date:sun, 14:06:32 GMT
  40. server:microsoft-iis/6.0
  42. X-powered-by:asp.net
  44. x-aspnet-version:2.0.50727
  46. access-control-allow-origin:http://www.meng_xian_hui.com:801
  48. Set-cookie: asp.net_sessionid=qs1c4urxywdbdx55u04pvual; path=/; HttpOnly
  50. Cache-control:private
  52. content-type:text/html; charset=utf-8
  54. Content-length:65

Why is that?  Careful child shoes may be noticed, on the server side there is a line of code Response.AddHeader ("Access-control-max-age", "30"); It is used to set the validity time of the preflight, in seconds. Pay special attention to this point.

AJAX (XMLHttpRequest) cross-domain request method in detail (ii)

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
invalid method in request quit get post and request method in php explain html in detail php detect ajax request php ajax request php check ajax request ajax request header

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More