5

I have a single page web application delivered from www.example.com. This web applications

  • needs to make AJAX requests against another server named api.example.com
  • it has to set certain header fields like Authorization when sending requests to api.example.com
  • it has to be compatible with recent and not so recent browsers (for example IE >= 8)

All this works by handling CORS requests on api.example.com with Chrome (and other recent WebKit-based browsers) using XMLHttpRequest. IE older than version 10 doesn't implement CORS for XMLHttpRequest and instead provides the non-standard XDomainRequest object for cross-domain requests. But XDomainRequest does not implement a way to set HTTP header fields.

So my question is: How can I make cross-domain requests with custom headers without using XDomainRequest or XMLHttpRequest? What is the best practice workaround?

Edit: I have control over all involved servers (*.example.com).

Community
  • 1
  • 1
Jan Deinhard
  • 19,645
  • 24
  • 81
  • 137

1 Answers1

1

I'm afraid there is no other way but to implement a proxy for this request in your application's server side. An example.

Rafał Rutkowski
  • 1,419
  • 10
  • 11
  • 3
    This is correct. You could always use an iframe and `postMessage` though. – idbehold Feb 07 '13 at 04:38
  • So I assume there is at least one other way :) – Jan Deinhard Feb 07 '13 at 08:21
  • I had no idea such useful method as postMessage existed, so thanks @idbehold. You'll need to have control over api.example.com, because you have to put the iframe content in that domain. Also it seems that you can only send strings with postMessage in IE. – Rafał Rutkowski Feb 07 '13 at 09:03
  • For sending strings in IE you'll simply want to `JSON.encode()` when sending and then `JSON.decode()` when receiving. – idbehold May 21 '13 at 15:42