Obsolete
This feature is obsolete. Although it may still work in some browsers, its use is discouraged since it could be removed at any time. Try to avoid using it.

Non-standard
This feature is non-standard and is not on a standards track. Do not use it on production sites facing the Web: it will not work for every user. There may also be large incompatibilities between implementations and the behavior may change in the future.

XDomainRequest is an implementation of HTTP access control (CORS) that worked in Internet Explorer 8 and 9. It was removed in Internet Explorer 10 in favor of using XMLHttpRequest with proper CORS; if you are targeting Internet Explorer 10 or later, or wish to support any other browser, you need to use standard HTTP access control.

This interface can send both GET and POST requests.

Syntax

var xdr = new XDomainRequest();

Returns a new XDomainRequest object, which can then be used to make and manage these requests.

Properties

XDomainRequest.timeout
Gets or sets the amount of time until a request times out.
XDomainRequest.responseText
Gets the response body as a string.

Methods

XDomainRequest.open()
Opens the request, specifing the method (GET/POST) and URL.
XDomainRequest.send()
Sends the request. POST data is specified in this method.
XDomainRequest.abort()
Aborts the request.

Event handlers

XDomainRequest.onprogress
A handler for when the request has made progress between the send method call and the onload event.
XDomainRequest.ontimeout
A handler for when the request times out.
XDomainRequest.onerror
A handler for when a request has errored.
XDomainRequest.onload
A handler for when the full response has been received from the server.

Example

if(window.XDomainRequest){
  var xdr = new XDomainRequest();

  xdr.open("get", "http://example.com/api/method");

  xdr.onprogress = function () {
    //Progress
  };

  xdr.ontimeout = function () { 
    //Timeout
  };

  xdr.onerror = function () { 
    //Error Occurred
  };

  xdr.onload = function() {
    //success(xdr.responseText);
  }

  setTimeout(function () {
    xdr.send();
  }, 0);
}

Note: The xdr.send() call is wrapped in a timeout (see window.setTimeout() to prevent an issue with the interface where some requests are lost if multiple XDomainRequests are being sent at the same time.

Security

The XDomainRequest is built to be secure in multiple ways.

  • The origin's security protocol must match that of the requested URL. (http to http, https to https). If these do not match, the request will error "Access is Denied".
  • The requested URL's server must have the Access-Control-Allow-Origin header set to either all ("*") or to include the origin of the request.

Specifications

This interface and its methods are non-standard.

Browser compatibility

Update compatibility data on GitHub
DesktopMobile
ChromeEdgeFirefoxInternet ExplorerOperaSafariAndroid webviewChrome for AndroidEdge MobileFirefox for AndroidOpera for AndroidiOS SafariSamsung Internet
Basic support
DeprecatedNon-standard
Chrome No support NoEdge No support NoFirefox No support NoIE No support 8 — 11Opera No support NoSafari No support NoWebView Android No support NoChrome Android No support NoEdge Mobile No support NoFirefox Android No support NoOpera Android No support NoSafari iOS No support NoSamsung Internet Android No support No
abort
DeprecatedNon-standard
Chrome No support NoEdge No support NoFirefox No support NoIE No support 8 — 11Opera No support NoSafari No support NoWebView Android No support NoChrome Android No support NoEdge Mobile No support NoFirefox Android No support NoOpera Android No support NoSafari iOS No support NoSamsung Internet Android No support No
onerror
DeprecatedNon-standard
Chrome No support NoEdge No support NoFirefox No support NoIE No support 8 — 11Opera No support NoSafari No support NoWebView Android No support NoChrome Android No support NoEdge Mobile No support NoFirefox Android No support NoOpera Android No support NoSafari iOS No support NoSamsung Internet Android No support No
onload
DeprecatedNon-standard
Chrome No support NoEdge No support NoFirefox No support NoIE No support 8 — 11Opera No support NoSafari No support NoWebView Android No support NoChrome Android No support NoEdge Mobile No support NoFirefox Android No support NoOpera Android No support NoSafari iOS No support NoSamsung Internet Android No support No
onprogress
DeprecatedNon-standard
Chrome No support NoEdge No support NoFirefox No support NoIE No support 8 — 11Opera No support NoSafari No support NoWebView Android No support NoChrome Android No support NoEdge Mobile No support NoFirefox Android No support NoOpera Android No support NoSafari iOS No support NoSamsung Internet Android No support No
ontimeout
DeprecatedNon-standard
Chrome No support NoEdge No support NoFirefox No support NoIE No support 8 — 11Opera No support NoSafari No support NoWebView Android No support NoChrome Android No support NoEdge Mobile No support NoFirefox Android No support NoOpera Android No support NoSafari iOS No support NoSamsung Internet Android No support No
open
DeprecatedNon-standard
Chrome No support NoEdge No support NoFirefox No support NoIE No support 8 — 11Opera No support NoSafari No support NoWebView Android No support NoChrome Android No support NoEdge Mobile No support NoFirefox Android No support NoOpera Android No support NoSafari iOS No support NoSamsung Internet Android No support No
responseText
DeprecatedNon-standard
Chrome No support NoEdge No support NoFirefox No support NoIE No support 8 — 11Opera No support NoSafari No support NoWebView Android No support NoChrome Android No support NoEdge Mobile No support NoFirefox Android No support NoOpera Android No support NoSafari iOS No support NoSamsung Internet Android No support No
send
DeprecatedNon-standard
Chrome No support NoEdge No support NoFirefox No support NoIE No support 8 — 11Opera No support NoSafari No support NoWebView Android No support NoChrome Android No support NoEdge Mobile No support NoFirefox Android No support NoOpera Android No support NoSafari iOS No support NoSamsung Internet Android No support No
timeout
DeprecatedNon-standard
Chrome No support NoEdge No support NoFirefox No support NoIE No support 8 — 11Opera No support NoSafari No support NoWebView Android No support NoChrome Android No support NoEdge Mobile No support NoFirefox Android No support NoOpera Android No support NoSafari iOS No support NoSamsung Internet Android No support No

Legend

No support  
No support
Non-standard. Expect poor cross-browser support.
Non-standard. Expect poor cross-browser support.
Deprecated. Not for use in new websites.
Deprecated. Not for use in new websites.

Document Tags and Contributors

Last updated by: teoli,