W
Winston Smith, American Patriot
[previously posted in mozilla.support.firefox, where one responder
recommended posting it to a low traffic group mozilla.dev.extensions]
I ran into an issue where my interactive web document presents a form to the
user, and the form processes the user input by making an HTTP request to a
server with a scientific database, that is NOT the same server that served
the interactive web document (this is apparently the cross-domain problem).
The Firefox browser does not alert the developer/user of this violation in a
helpful way. When one initializes the XmlHttpRequest object in the usual
way (calls to .open() method, calls to .setRequestHeader() method, then
finally the .send() method), the XmlHttpRequest.readyState attains a value
of 4 (the COMPLETE condition), but the XmlHttpRequest.status value is ZERO
instead of the expected 3-digit HTTP status value (preferably 200 in a
successfully completed HTTP request). In going through Google search
results to answer my "WTF is going on" question, the cross-domain security
issue came up. I then used IE9, and sure enough, it at least reported a
PERMISSION error at the call to the XmlHttpRequest.open() method.
I have two questions.
(1) Numerous methods of the XmlHttpRequest object do not return values to
indicate success (true) or failure (false) with respect to execution of the
method. The mechanism of informing the caller of an error in using the
method appears to be the throwing of exceptions, according to a "standard"
regarding the XmlHttpRequest object found at W3C. Thus to detect errors---
or rather exceptions---in the use of object methods, it is sensible to make
method calls in try/catch blocks (correct?). Like so:
try {
requestObject.open(method, url, isSetAsynchronous);
} catch (exception) {
if (console && console.log) // if Firebug is working
console.log("Exception raised @ open() method" +
" to XML HTTP Request object\n" + exception.toString());
else
alert("Exception raised @ open() method to" +
" XML HTTP Request object\n" + exception.toString());
}
try {
requestObject.setRequestHeader("Content-Type",
"application/x-www-form-urlencoded");
} catch (exception) {
// same use of Firebug console.log() or alert() as above
}
Curiously, whereas IE9 stopped at an .open() method call when it was NOT
wrapped in try/catch, it does not execute the catch block code that I can
see but instead steps through it (apparently executing the try block
statement successfully??) and then stops on the .setRequestHeader() method
call that follows it. When that gets wrapped in try/catch block, it then
steps over that to the next .setRequestHeader() call in the code again not
wrapped in try/catch and stops on that. Firefox, which did not adequately
note the exception anyway but still returns readyState == COMPLETE and
status == 0, does not run the catch block either.
(2) Even if I solve this problem above, it does not address the workarounds
to the cross-domain problem. HTTP clients should allow users to give
scripts permission to get around the cross-domain problem, as it seems they
did in the past. There is a lot of confusing information about workarounds
to the cross-domain problem with changing HTML versions it seems. Does
anyone know of the definitive resource or explanation on the use of the
XmlHttpRequest object and how to troubleshoot its use in development?
recommended posting it to a low traffic group mozilla.dev.extensions]
I ran into an issue where my interactive web document presents a form to the
user, and the form processes the user input by making an HTTP request to a
server with a scientific database, that is NOT the same server that served
the interactive web document (this is apparently the cross-domain problem).
The Firefox browser does not alert the developer/user of this violation in a
helpful way. When one initializes the XmlHttpRequest object in the usual
way (calls to .open() method, calls to .setRequestHeader() method, then
finally the .send() method), the XmlHttpRequest.readyState attains a value
of 4 (the COMPLETE condition), but the XmlHttpRequest.status value is ZERO
instead of the expected 3-digit HTTP status value (preferably 200 in a
successfully completed HTTP request). In going through Google search
results to answer my "WTF is going on" question, the cross-domain security
issue came up. I then used IE9, and sure enough, it at least reported a
PERMISSION error at the call to the XmlHttpRequest.open() method.
I have two questions.
(1) Numerous methods of the XmlHttpRequest object do not return values to
indicate success (true) or failure (false) with respect to execution of the
method. The mechanism of informing the caller of an error in using the
method appears to be the throwing of exceptions, according to a "standard"
regarding the XmlHttpRequest object found at W3C. Thus to detect errors---
or rather exceptions---in the use of object methods, it is sensible to make
method calls in try/catch blocks (correct?). Like so:
try {
requestObject.open(method, url, isSetAsynchronous);
} catch (exception) {
if (console && console.log) // if Firebug is working
console.log("Exception raised @ open() method" +
" to XML HTTP Request object\n" + exception.toString());
else
alert("Exception raised @ open() method to" +
" XML HTTP Request object\n" + exception.toString());
}
try {
requestObject.setRequestHeader("Content-Type",
"application/x-www-form-urlencoded");
} catch (exception) {
// same use of Firebug console.log() or alert() as above
}
Curiously, whereas IE9 stopped at an .open() method call when it was NOT
wrapped in try/catch, it does not execute the catch block code that I can
see but instead steps through it (apparently executing the try block
statement successfully??) and then stops on the .setRequestHeader() method
call that follows it. When that gets wrapped in try/catch block, it then
steps over that to the next .setRequestHeader() call in the code again not
wrapped in try/catch and stops on that. Firefox, which did not adequately
note the exception anyway but still returns readyState == COMPLETE and
status == 0, does not run the catch block either.
(2) Even if I solve this problem above, it does not address the workarounds
to the cross-domain problem. HTTP clients should allow users to give
scripts permission to get around the cross-domain problem, as it seems they
did in the past. There is a lot of confusing information about workarounds
to the cross-domain problem with changing HTML versions it seems. Does
anyone know of the definitive resource or explanation on the use of the
XmlHttpRequest object and how to troubleshoot its use in development?