> Same browser (Safari.latest) on the same computer, the Prototype method 
> gives me a security failure (Origin [my host] is not allowed by 
> Access-Control-Allow-Origin.) while the long-hand XHR (inside a Prototype 
> observer) just works without any comment:
> Two differences I can notice:
1. Prototype sets request headers 'X-Requested-With', 
'X-Prototype-Version', 'Accept' with setRequestHeaders() - you don't
2. Prototype calls send with null argument
    this.transport.send(null); // Prototype
    client.send(); // your raw XHR

If you can test your code with these two changes - will it raise error?

  $('zip').observe('change', function(evt) {
    var client = new XMLHttpRequest();
+ $F(this), true);
    client.onreadystatechange = function() {
      if(client.readyState == 4) {
        var data = client.responseText.evalJSON();
*    client.setRequestHeader('X-Requested-With', 'XMLHttpRequest');
    client.setRequestHeader('X-Prototype-Version', '1.7');
*    client.setRequestHeader('Accept', 'text/javascript, text/html, 
application/xml, text/xml, */*');*

You received this message because you are subscribed to the Google Groups 
"Prototype & script.aculo.us" group.
To view this discussion on the web visit 
To post to this group, send email to prototype-scriptaculous@googlegroups.com.
To unsubscribe from this group, send email to 
For more options, visit this group at 

Reply via email to