XMLHttpRequest Level 2 / CORS

Definitions

CORS

Cross-Origin Resource Sharing

XMLHttpRequest Level 2 (XHR2)

Extended functionality for and using the same, well-known XMLHttpRequest object

User agents that support XMLHttpRequest2 must support CORS (according to W3C specs).

Description

The normal XMLHttpRequest object is used. When the XHR2 object is available, the cross-domain restriction cq. security violation is no longer applicable. The prerequisite for using CORS is that the server has to allow incoming requests from other domains by using an Access-Control-Allow-Origin header. Valid examples include:

• Access-Control-Allow-Origin: *
• Access-Control-Allow-Origin: http://example.org http://webpro.nl

Example

Execute a cross-domain request.