[JAVASCRIPT/AJAX] 타 도메인, 타 포트로의 AJAX 쿼리하는 방법
CORS In Action
Browsers such as Firefox 3.5 and above implement the W3C Cross-Origin Request Sharing (CORS) specification as a means to mitigate cross-site requests initiated by the XMLHttpRequest object in JavaScript as well as for web fonts. You can read more about Access Control at developer.mozilla.org, including code snippets. Here you'll find some examples of the XMLHttpRequest API as a "container" for access control.
Four examples are given below. Simply "View Source" them to see how they work-- all JavaScript is resident within the XHTML. Full code listings showing the PHP scripts I used to handle requests (and formulate responses) will also be posted soonish. TXT dumps of the header exchanges between client and server are posted next to each example. Note that in keeping with the access control specification, Firefox 3.5 will always send the ORIGIN header when making requests mitigated by the CORS specification. The XMLHttpRequest object in Firefox 3.5 and beyond takes care of sending access-control headers; developers need to ensure that the resources they are accessing are sending the right headers back.
-
The "Simple Invocation using
GET" gives an example of content resident on this server making aGETrequest to content resident on another server. No preflighting takes place since the request is aGETwith no custom headers. Here's a TXT file dump of the header exchanges between a beta of Firefox 3.5 and the server in the "Simple" scenario. -
The "Preflighted Invocation using
POSTwithapplication/xmland Custom Headers" gives an example of content resident on this server making aPOSTrequest to content resident on another server (withPOSTdata of typeapplication/xml, as well as setting a custom request header using thesetHeadermethod ofXMLHttpRequest(the imaginaryX-PINGARUNER). Since this request hasPOSTdata with MIME Types other thantext/plain,multipart/form-data, andapplication/x-www-form-urlencodedand since the example sends a custom header (X-PINGARUNER), this request is "preflighted" with anOPTIONSrequest header first, checks for the resource setting the appropriate access headers, and then makes the actual request. Here's a TXT file dump of the header exchanges between a beta of Firefox 3.5 and the server in the "preflighted" scenario. -
The "Credentialed Request" uses a simple invocation scenario (with
GET-- thus, no preflighting takes place) but accesses a resource which sets a simple counter Cookie. The code sample (do a View Source) shows that thewithCredentialsflag of theXMLHttpRequest objectis set. Here's a TXT file dump of the header exchanges between a beta of Firefox 3.5 and the server in the credentialed request. -
The "Request for a Resource that Sends Cookies but No Credentials API Flag Set" is the same example as above, but with the
withCredentialsusage commented out.
'JAVASCRIPT' 카테고리의 다른 글
| JSON Object를 정렬하는 방법 (0) | 2009.12.29 |
|---|
JSON Object를 정렬하는 방법
JSON Object를 정렬하는 방법
var resultJSON = result.evalJSON();
resultJSON.sort(function (obj1, obj2) {
return obj1.[OBJECT KEY NAME] < obj2.[OBJECT KEY NAME] ? -1 : (obj1.[OBJECT KEY NAME] > obj2.[OBJECT KEY NAME] ? 1 : 0);
});
'JAVASCRIPT' 카테고리의 다른 글
| [JAVASCRIPT/AJAX] 타 도메인, 타 포트로의 AJAX 쿼리하는 방법 (0) | 2009.12.29 |
|---|
Prototype 1.6.1.0 & scriptaculous 1.8.3 Update
scriptaculous-js-1.8.3.zip
prototype.jsPrototype 1.6.1 Update 내용
We’re pleased to announce the release of Prototype 1.6.1 today. This version features improved performance, an element metadata storage system, new mouse events, and compatibility with the latest browsers. It’s also the first release of Prototype built with Sprockets, our JavaScript packaging tool, and PDoc, our inline documentation tool.
Highlights
Full compatibility with new browsers. This version of Prototype fully supports versions 1.0 and higher of Google Chrome, and Internet Explorer 8 in both compatibility mode and super-standards mode.
Element metadata storage. Easily associate JavaScript key/value pairs with a DOM element. See the blog post that started it off.
New mouse events. Internet Explorer’s proprietary “mouseenter” and “mouseleave” events are now available in all browsers.
Improved performance and housekeeping. The frequently used Function#bind, String#escapeHTML, and Element#down methods are faster, and Prototype is better at cleaning up after itself.
Built with Sprockets. You can now include the Prototype source code repository in your application and use Sprockets for dependency management and distribution.
Inline documentation with PDoc. Our API documentation is now stored in the source code with PDoc so it’s easy to send patches or view documentation for a specific version.
See the RC2 blog post, RC3 blog post, and CHANGELOG for more details.
Download, report bugs, and get help
- Download Prototype 1.6.1
- View the API documentation
- Check out the Prototype source code on GitHub
- Submit bug reports to Lighthouse
- Get Prototype help on the mailing list or #prototype IRC channel
- Interact with the Core Team on the protoype-core mailing list
We hope you enjoy the new version!
UPDATE
We’re aware of the usability issues with the current PDoc-generated API documentation. We’re working hard to fix those.
In the meantime, we’ve reverted our changes and you can again access the old Prototype documentation. For those of you courageous enough, the new documentation is still available.
Sorry for the inconvenience.
