Hi all, I don't know what the state of this is in the current development of jQuery, but I just patched my local 1.3.2 version to be able to support the most basic scenario of "Cross-Origin Resource Sharing". I can now make cross-domain plain JSON requests on my machine using Firefox 3.5. (I only need it for testing right now so this is OK for me)
http://dev.w3.org/2006/waf/access-control/ https://developer.mozilla.org/En/HTTP_access_control The concept distinguishes between "Simple Requests" and "Preflighted requests", which are handled differently. To qualify as a simple request it must use GET or POST and must not contain any custom headers. Stepping through the jQuery code, this quickly turned out to be a problem, since jQuery adds the X-Requested-With header to all outgoing requests. For now I just commented out the line xhr.setRequestHeader("X-Requested-With", "XMLHttpRequest"); (line 3531 in my version of jquery 1.3.2) to make the browser treat it as a basic request. So one way to support this would be to offer a flag to not set optional headers in the request. To make the request fully work, the server has to add a Access-Control-Allow-Origin header to the response, but this is not in the responsibility of jQuery. The other route would be to support the "Preflighted requests" protocol, but this is more involved since it results in sending an OPTIONS request first and then, depending on the server's response, sending the actual request. I did not look into this for now since the above is sufficient for my use case. I am sorry that I do not have time right now to provide any formal patch or look further into this issue, since I have a deadline approaching. But I wanted to share my findings with you since currently nothing shows up when googling the relevant keywords. This blog post http://pdxjs.com/2009/08/02/sammy-and-cross-origin-resource-sharing.html mentions that none of the common js libraries support Cross-Origin Resource Sharing for now. Btw. one of the problems was that it took me quite a while to find out what was wrong since Firefox 3.5 will fail silently on cross-domain requests with jquery - it sends out an OPTIONS request, which is passed to jQuery as a reply. Obviously the data is missing but other than that there is no indication that something went wrong. So if you decide to not implement CORS cross-domain requests should at least fail with an exception to help debugging. All the best, Flo Ledermann --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "jQuery Development" group. To post to this group, send email to jquery-dev@googlegroups.com To unsubscribe from this group, send email to jquery-dev+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/jquery-dev?hl=en -~----------~----~----~----~------~----~------~--~---
