Peter Lubbers - Pro HTML 5 Programming
Pro HTML 5 Programming
Pro HTML 5 Programming
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
126<br />
CHAPTER 5 ■ USING THE COMMUNICATION APIS<br />
XMLHttpRequest Level 2<br />
XMLHttpRequest is the API that made Ajax possible. There are many books about XMLHttpRequest and<br />
Ajax. You can read more about XMLHttpRequest programming in John Resig’s <strong>Pro</strong> JavaScript<br />
Techniques, (Apress, 2006).<br />
XMLHttpRequest Level 2—the new version of XMLHttpRequest—has been significantly enhanced.<br />
In this chapter, we will be covering the improvements introduced in XMLHttpRequest Level 2. These<br />
improvements are centered on the following areas:<br />
• Cross-origin XMLHttpRequests<br />
• <strong>Pro</strong>gress events<br />
Cross-Origin XMLHttpRequest<br />
In the past, XMLHttpRequest was limited to same-origin communication. XMLHttpRequest Level 2<br />
allows for cross-origin XMLHttpRequests using Cross Origin Resource Sharing (CORS), which uses the<br />
origin concept discussed in the earlier Cross Document Messaging section.<br />
Cross-origin HTTP requests have an Origin header. This header provides the server with the<br />
request’s origin. This header is protected by the browser and cannot be changed from application code.<br />
In essence, it is the network equivalent of the origin property found on message events used in Cross<br />
Document Messaging. The origin header differs from the older referer [sic] header in that the referer is a<br />
complete URL including the path. Because the path may contain sensitive information, the referer is<br />
sometimes not sent by browsers attempting to protect user privacy. However, the browser will always<br />
send the required Origin headers when necessary.<br />
Using cross-origin XMLHttpRequest, you can build web applications that use services hosted on<br />
different origins. For example, if you wanted to host a web application that used static content from one<br />
origin and Ajax services from another, you could use cross-origin XMLHttpRequest to communicate<br />
between the two. Without cross-origin XMLHttpRequest, you would be limited to same-origin<br />
communication. This would constrain your deployment options. For example, you might have to deploy<br />
the web application on a single domain or set up a subdomain.<br />
As shown in Figure 5-4, cross-origin XMLHttpRequest allows you to aggregate content from<br />
different origins on the client side. Additionally, you can access secured content with the user’s<br />
credentials if the target server allows it, providing users with direct access to personalized data. Serverside<br />
aggregation, on the other hand, forces all content to be funneled through a single server-side<br />
infrastructure, which can create a bottleneck.