Annotation of 2006/webapi/XMLHttpRequest/Overview.html, revision 1.184
1.1 avankest 1: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">
1.2 avankest 2:
1.25 avankest 3: <html lang=en-US>
1.1 avankest 4: <head>
5: <title>The XMLHttpRequest Object</title>
1.2 avankest 6:
1.20 avankest 7: <style type="text/css">
1.118 avankest 8: pre.idl { border:solid thin; background:#eee; color:#000; padding:0.5em }
1.20 avankest 9: pre.idl :link, pre.idl :visited { color:inherit; background:transparent }
1.60 avankest 10: pre code { color:inherit; background:transparent }
1.20 avankest 11: div.example { margin-left:1em; padding-left:1em; border-left:double; color:#222; background:#fcfcfc }
1.90 avankest 12: .note { margin-left:2em; font-weight:bold; font-style:italic; color:#008000 }
1.20 avankest 13: p.note::before { content:"Note: " }
1.90 avankest 14: .issue { padding:.5em; border:solid #f00 }
1.20 avankest 15: p.issue::before { content:"Issue: " }
1.120 avankest 16: dl.switch { padding-left:2em }
17: dl.switch dt { text-indent:-1.5em }
18: dl.switch dt:before { content:'\21AA'; padding:0 0.5em 0 0; display:inline-block; width:1em; text-align:right; line-height:0.5em }
1.20 avankest 19: em.ct { text-transform:lowercase; font-variant:small-caps; font-style:normal }
20: dfn { font-weight:bold; font-style:normal }
21: code { color:orangered }
22: code :link, code :visited { color:inherit }
1.123 avankest 23: h1 code, h2 code, h3 code { color:inherit; background:inherit; font:inherit }
1.20 avankest 24: </style>
1.174 avankest 25: <link href="http://www.w3.org/StyleSheets/TR/W3C-ED" rel=stylesheet>
1.2 avankest 26:
1.1 avankest 27: <body>
1.25 avankest 28: <div class=head>
29: <p><a href="http://www.w3.org/"><img alt=W3C height=48
30: src="http://www.w3.org/Icons/w3c_home" width=72></a></p>
1.2 avankest 31:
1.157 avankest 32: <h1 class=head id=the-xmlhttprequest-object>The <code
1.14 avankest 33: title="">XMLHttpRequest</code> Object</h1>
1.2 avankest 34:
1.182 avankest 35: <h2 class="no-num no-toc" id=w3c-doctype>Editor's Draft 26 May 2008</h2>
1.2 avankest 36:
1.1 avankest 37: <dl>
1.154 avankest 38: <dt>This Version:
1.2 avankest 39:
40: <dd><a
1.182 avankest 41: href="http://www.w3.org/TR/2008/ED-XMLHttpRequest-20080526/">http://www.w3.org/TR/2008/ED-XMLHttpRequest-20080526/</a>
1.2 avankest 42:
1.14 avankest 43: <dt>Latest Version:
1.2 avankest 44:
45: <dd><a
46: href="http://www.w3.org/TR/XMLHttpRequest/">http://www.w3.org/TR/XMLHttpRequest/</a>
47:
1.14 avankest 48: <dt>Previous Versions:
1.2 avankest 49:
50: <dd><a
1.174 avankest 51: href="http://www.w3.org/TR/2008/WD-XMLHttpRequest-20080415/">http://www.w3.org/TR/2008/WD-XMLHttpRequest-20080415/</a>
52:
53: <dd><a
1.155 avankest 54: href="http://www.w3.org/TR/2007/WD-XMLHttpRequest-20071026/">http://www.w3.org/TR/2007/WD-XMLHttpRequest-20071026/</a>
55:
56: <dd><a
1.134 avankest 57: href="http://www.w3.org/TR/2007/WD-XMLHttpRequest-20070618/">http://www.w3.org/TR/2007/WD-XMLHttpRequest-20070618/</a>
58:
59: <dd><a
1.60 avankest 60: href="http://www.w3.org/TR/2007/WD-XMLHttpRequest-20070227/">http://www.w3.org/TR/2007/WD-XMLHttpRequest-20070227/</a>
61:
62: <dd><a
1.25 avankest 63: href="http://www.w3.org/TR/2006/WD-XMLHttpRequest-20060927/">http://www.w3.org/TR/2006/WD-XMLHttpRequest-20060927/</a>
64:
65: <dd><a
1.2 avankest 66: href="http://www.w3.org/TR/2006/WD-XMLHttpRequest-20060619/">http://www.w3.org/TR/2006/WD-XMLHttpRequest-20060619/</a>
67:
68: <dd><a
69: href="http://www.w3.org/TR/2006/WD-XMLHttpRequest-20060405/">http://www.w3.org/TR/2006/WD-XMLHttpRequest-20060405/</a>
70:
71: <dt>Editor:
72:
73: <dd><a href="http://annevankesteren.nl/">Anne van Kesteren</a> (<a
74: href="http://www.opera.com/">Opera Software ASA</a>) <<a
75: href="mailto:annevk@opera.com">annevk@opera.com</a>>
1.1 avankest 76: </dl>
1.2 avankest 77:
1.25 avankest 78: <p class=copyright><a
1.2 avankest 79: href="http://www.w3.org/Consortium/Legal/ipr-notice#Copyright">Copyright</a>
1.53 avankest 80: © 2007 <a href="http://www.w3.org/"><acronym title="World Wide Web
81: Consortium">W3C</acronym></a><sup>®</sup> (<a
82: href="http://www.csail.mit.edu/"><acronym title="Massachusetts Institute
83: of Technology">MIT</acronym></a>, <a
84: href="http://www.ercim.org/"><acronym title="European Research Consortium
85: for Informatics and Mathematics">ERCIM</acronym></a>, <a
1.2 avankest 86: href="http://www.keio.ac.jp/">Keio</a>), All Rights Reserved. W3C <a
87: href="http://www.w3.org/Consortium/Legal/ipr-notice#Legal_Disclaimer">liability</a>,
88: <a
89: href="http://www.w3.org/Consortium/Legal/ipr-notice#W3C_Trademarks">trademark</a>
90: and <a
91: href="http://www.w3.org/Consortium/Legal/copyright-documents">document
92: use</a> rules apply.</p>
1.1 avankest 93: </div>
1.2 avankest 94:
95: <hr>
96:
1.25 avankest 97: <h2 class="no-num no-toc" id=specabstract>Abstract</h2>
1.2 avankest 98:
1.25 avankest 99: <p>The <code title="">XMLHttpRequest</code> Object specification defines an
100: <abbr title="Application Programming Interface">API</abbr> that provides
101: scripted client functionality for transferring data between a client and a
102: server.
103:
104: <h2 class="no-num no-toc" id=sotd>Status of this Document</h2>
1.2 avankest 105:
106: <p><em>This section describes the status of this document at the time of
107: its publication. Other documents may supersede this document. A list of
108: current W3C publications and the latest revision of this technical report
109: can be found in the <a href="http://www.w3.org/TR/">W3C technical reports
1.173 avankest 110: index</a> at http://www.w3.org/TR/.</em>
1.2 avankest 111:
1.182 avankest 112: <p>This is the 26 May 2008 Last Call Working Draft of The <code
1.148 avankest 113: title="">XMLHttpRequest</code> Object specification. Please send comments
114: to <a href="mailto:public-webapi@w3.org">public-webapi@w3.org</a> (<a
1.49 avankest 115: href="http://lists.w3.org/Archives/Public/public-webapi/">archived</a>)
116: with either <samp>[XHR]</samp> or <samp title="">[XMLHttpRequest]</samp>
1.173 avankest 117: at the start of the subject line before befor 2 June 2008.
1.49 avankest 118:
119: <p>This document is produced by the <a
120: href="http://www.w3.org/2006/webapi/">Web API Working Group</a>, part of
121: the <a href="http://www.w3.org/2006/rwc/Activity">Rich Web Clients
122: Activity</a> in the W3C <a
123: href="http://www.w3.org/Interaction/">Interaction Domain</a>. Changes made
124: to this document can be found in the <a
125: href="http://dev.w3.org/cvsweb/2006/webapi/XMLHttpRequest/Overview.html">W3C
126: public CVS server</a>.
1.2 avankest 127:
128: <p>Publication as a Working Draft does not imply endorsement by the W3C
129: Membership. This is a draft document and may be updated, replaced or
130: obsoleted by other documents at any time. It is inappropriate to cite this
131: document as other than work in progress.
132:
133: <p>This document was produced by a group operating under the <a
134: href="http://www.w3.org/Consortium/Patent-Policy-20040205/">5 February
1.54 avankest 135: 2004 W3C Patent Policy</a>. W3C maintains a <a
136: href="http://www.w3.org/2004/01/pp-impl/38482/status"
1.25 avankest 137: rel=disclosure>public list of any patent disclosures</a> made in
1.2 avankest 138: connection with the deliverables of the group; that page also includes
139: instructions for disclosing a patent. An individual who has actual
140: knowledge of a patent which the individual believes contains <a
141: href="http://www.w3.org/Consortium/Patent-Policy-20040205/#def-essential">Essential
142: Claim(s)</a> must disclose the information in accordance with <a
143: href="http://www.w3.org/Consortium/Patent-Policy-20040205/#sec-Disclosure">section
144: 6 of the W3C Patent Policy</a>.
145:
1.25 avankest 146: <h2 class="no-num no-toc" id=toc>Table of Contents</h2>
1.2 avankest 147: <!--begin-toc-->
148:
1.25 avankest 149: <ul class=toc>
150: <li><a href="#introduction"><span class=secno>1. </span>Introduction</a>
1.154 avankest 151:
152: <li><a href="#conformance"><span class=secno>2. </span>Conformance</a>
1.25 avankest 153: <ul class=toc>
1.168 avankest 154: <li><a href="#dependencies"><span class=secno>2.1
1.154 avankest 155: </span>Dependencies</a>
1.2 avankest 156:
1.168 avankest 157: <li><a href="#terminology"><span class=secno>2.2 </span>Terminology</a>
1.81 avankest 158:
1.168 avankest 159: <li><a href="#extensibility"><span class=secno>2.3
1.154 avankest 160: </span>Extensibility</a>
161: </ul>
1.81 avankest 162:
1.154 avankest 163: <li><a href="#security"><span class=secno>3. </span>Security
164: Considerations</a>
1.2 avankest 165:
1.154 avankest 166: <li><a href="#xmlhttprequest"><span class=secno>4. </span>The <code
1.16 avankest 167: title="">XMLHttpRequest</code> Object</a>
1.25 avankest 168: <ul class=toc>
1.168 avankest 169: <li><a href="#events"><span class=secno>4.1 </span>Events for the <code
1.33 avankest 170: title="">XMLHttpRequest</code> Object</a>
171:
1.168 avankest 172: <li><a href="#exceptions"><span class=secno>4.2 </span>Exceptions for
1.33 avankest 173: the <code title="">XMLHttpRequest</code> Object</a>
1.11 avankest 174: </ul>
1.2 avankest 175:
1.31 avankest 176: <li class=no-num><a href="#notcovered">Not in this Specification</a>
177:
1.25 avankest 178: <li class=no-num><a href="#bibref">References</a>
1.2 avankest 179:
1.131 avankest 180: <li class=no-num><a href="#acknowledgments">Acknowledgments</a>
1.2 avankest 181: </ul>
182: <!--end-toc-->
183:
1.25 avankest 184: <h2 id=introduction><span class=secno>1. </span>Introduction</h2>
1.2 avankest 185:
186: <p><em>This section is non-normative.</em>
187:
1.60 avankest 188: <p>The <code><a href="#xmlhttprequest-object">XMLHttpRequest</a></code>
189: object implements an interface exposed by a scripting engine that allows
190: scripts to perform HTTP client functionality, such as submitting form data
1.184 ! avankest 191: or loading data from a server. It is the ECMAScript HTTP API.
1.2 avankest 192:
193: <p>The name of the object is <code><a
1.60 avankest 194: href="#xmlhttprequest-object">XMLHttpRequest</a></code> for compatibility
1.128 avankest 195: with the Web, though each component of this name is potentially
1.60 avankest 196: misleading. First, the object supports any text based format, including
197: XML. Second, it can be used to make requests over both HTTP and HTTPS
198: (some implementations support protocols in addition to HTTP and HTTPS, but
199: that functionality is not covered by this specification). Finally, it
200: supports "requests" in a broad sense of the term as it pertains to HTTP;
201: namely all activity involved with HTTP requests or responses for the
202: defined HTTP methods.
1.2 avankest 203:
1.25 avankest 204: <div class=example>
1.18 avankest 205: <p>Some simple code to do something with data from an XML document fetched
206: over the network:</p>
207:
1.60 avankest 208: <pre><code>function test(data) {
1.18 avankest 209: // taking care of data
210: }
211:
212: function handler() {
1.118 avankest 213: if(this.readyState == 4 && this.status == 200) {
1.18 avankest 214: // so far so good
1.118 avankest 215: if(this.responseXML != null && this.responseXML.getElementById('test').firstChild.data)
216: // success!
1.18 avankest 217: test(this.responseXML.getElementById('test').firstChild.data);
218: else
219: test(null);
1.118 avankest 220: } else if (this.readyState == 4 && this.status != 200) {
1.18 avankest 221: // fetched the wrong page or network error...
222: test(null);
223: }
224: }
225:
226: var client = new XMLHttpRequest();
227: client.onreadystatechange = handler;
228: client.open("GET", "test.xml");
1.60 avankest 229: client.send();</code></pre>
1.18 avankest 230:
1.58 avankest 231: <p>If you just want to log a message to the server:</p>
1.18 avankest 232:
1.60 avankest 233: <pre><code>function log(message) {
1.18 avankest 234: var client = new XMLHttpRequest();
1.58 avankest 235: client.open("POST", "/log");
1.59 avankest 236: client.setRequestHeader("Content-Type", "text/plain;charset=UTF-8");
1.18 avankest 237: client.send(message);
1.60 avankest 238: }</code></pre>
1.18 avankest 239:
240: <p>Or if you want to check the status of a document on the server:</p>
241:
1.60 avankest 242: <pre><code>function fetchStatus(address) {
1.18 avankest 243: var client = new XMLHttpRequest();
244: client.onreadystatechange = function() {
245: // in case of network errors this might not give reliable results
246: if(this.readyState == 4)
247: returnStatus(this.status);
248: }
249: client.open("HEAD", address);
250: client.send();
1.60 avankest 251: }</code></pre>
1.18 avankest 252: </div>
1.2 avankest 253:
1.154 avankest 254: <h2 id=conformance><span class=secno>2. </span>Conformance</h2>
1.2 avankest 255:
1.29 avankest 256: <p>Everything in this specification is normative except for diagrams,
1.2 avankest 257: examples, notes and sections marked non-normative.
258:
1.25 avankest 259: <p>The key words <em class=ct>must</em>, <em class=ct>must not</em>, <em
1.75 avankest 260: class=ct>should</em> and <em class=ct>may</em> in this document are to be
261: interpreted as described in RFC 2119. [<cite><a
1.146 avankest 262: href="#ref-rfc2119">RFC2119</a></cite>]
1.2 avankest 263:
264: <p>This specification defines the following classes of products:
265:
266: <dl>
1.75 avankest 267: <dt><dfn id=conforming-user-agent>Conforming user agent</dfn>
1.2 avankest 268:
1.75 avankest 269: <dd>
270: <p>A user agent <em class=ct>must</em> behave as described in this
1.107 avankest 271: specification in order to be considered conformant.</p>
1.75 avankest 272:
1.141 avankest 273: <p>If the user agent is not a conforming XML user agent the <a
274: href="#xml-response-entity-body">XML response entity body</a> <em
275: class=ct>must</em> (always) be <code>null</code>.</p>
276:
277: <p>User agents <em class=ct>may</em> implement algorithms given in this
278: specification in any way desired, so long as the end result is
279: indistinguishable from the result that would be obtained by the
280: specification's algorithms.</p>
1.2 avankest 281:
1.96 avankest 282: <p class=note>This specification uses both the terms "conforming user
283: agent(s)" and "user agent(s)" to refer to this product class.</p>
284:
1.95 avankest 285: <dt><dfn id=conforming-xml-user-agent>Conforming XML user agent</dfn>
286:
287: <dd>
1.164 avankest 288: <p>An XML user agent <em class=ct>must</em> be a <a
289: href="#conforming-user-agent">conforming user agent</a> and <em
290: class=ct>must</em> be a conforming XML processor that reports violations
291: of namespace well-formedness. [<cite><a href="#ref-xml">XML</a></cite>]
292: [<cite><a href="#ref-xmlns">XMLNS</a></cite>]
1.2 avankest 293: </dl>
294:
1.168 avankest 295: <h3 id=dependencies><span class=secno>2.1 </span>Dependencies</h3>
1.2 avankest 296:
1.31 avankest 297: <p>This specification relies on several underlying specifications.
1.2 avankest 298:
1.31 avankest 299: <dl>
300: <dt>DOM
1.2 avankest 301:
1.31 avankest 302: <dd>
1.127 avankest 303: <p>A <a href="#conforming-user-agent" title="conforming user
1.177 avankest 304: agent">conforming user agent</a> <em class=ct>must</em> support at least
305: the subset of the functionality defined in DOM Events and DOM Core that
1.183 avankest 306: this specification relies upon, such as various exceptions and
307: <code>EventTarget</code>. [<cite><a
1.156 avankest 308: href="#ref-dom2events">DOM2Events</a></cite>] [<cite><a
309: href="#ref-dom3core">DOM3Core</a></cite>]
1.2 avankest 310:
1.162 avankest 311: <dt>HTML 5
312:
313: <dd>
1.183 avankest 314: <p>A <a href="#conforming-user-agent">conforming user agent</a> <em
315: class=ct>must</em> at least the subset of the functionality defined in
316: HTML 5 that this specification relies upon, such as the
317: <code>Window</code> object and serializing a <code>Document</code>
318: object.</p>
319: [<cite><a href="#ref-html5">HTML5</a></cite>]
1.162 avankest 320: <p class=note>The <a
321: href="http://www.w3.org/TR/2006/WD-Window-20060407/">Window Object
322: 1.0</a> draft is not referenced normatively as it appears to be no
323: longer maintained and HTML 5 defines the <code>Window</code> object
324: in more detail. This specification already depends on HTML 5 for
325: other reasons so there is not much additional overhead because of this.</p>
326:
1.31 avankest 327: <dt>HTTP
1.11 avankest 328:
1.31 avankest 329: <dd>
1.156 avankest 330: <p>A <a href="#conforming-user-agent">conforming user agent</a> <em
331: class=ct>must</em> support some version of the HTTP protocol. It <em
332: class=ct>should</em> support any HTTP method that matches the <a
333: href="#method"><code>Method</code> production</a> and <em
334: class=ct>must</em> at least support the following methods:</p>
1.81 avankest 335:
1.60 avankest 336: <ul>
337: <li><code>GET</code>
338:
339: <li><code>POST</code>
340:
341: <li><code>HEAD</code>
342:
343: <li><code>PUT</code>
344:
345: <li><code>DELETE</code>
346:
347: <li><code>OPTIONS</code>
348: </ul>
349:
350: <p>Other requirements regarding HTTP are made throughout the
1.146 avankest 351: specification. [<cite><a href="#ref-rfc2616">RFC2616</a></cite>]</p>
1.182 avankest 352:
353: <dt>Web IDL
354:
355: <dd>A <a href="#conforming-user-agent">conforming user agent</a> <em
356: class=ct>must</em> also be a conforming implementation of the IDL
357: fragment in this specification, as described in the Web IDL
358: specification. [<cite><span>WebIDL</span></cite>]
1.31 avankest 359: </dl>
1.2 avankest 360:
1.168 avankest 361: <h3 id=terminology><span class=secno>2.2 </span>Terminology</h3>
1.81 avankest 362:
363: <p>There is a <dfn id=case-insensitive-match>case-insensitive match</dfn>
1.154 avankest 364: of strings <var>s1</var> and <var>s2</var> if after mapping the ASCII
365: character range A-Z to the range a-z both strings are identical.
1.2 avankest 366:
1.142 avankest 367: <p>Two URIs are <dfn id=same-origin>same-origin</dfn> if after performing
368: scheme-based normalization on both URIs as described in section 5.3.3 of
1.146 avankest 369: RFC 3987 the scheme, ihost and port components are identical. If either
1.154 avankest 370: URI does not have an ihost component the URIs <em class=ct>must not</em>
371: be considered same-origin. [<cite><a
1.178 avankest 372: href="#ref-rfc3986">RFC3986</a></cite>] [<cite><a
1.148 avankest 373: href="#ref-rfc3987">RFC3987</a></cite>]
1.142 avankest 374:
1.158 avankest 375: <p>The terms <dfn id=origin>origin</dfn> and <dfn
376: id=event-handler-attribute>event handler DOM attribute</dfn> are defined
377: by the HTML 5 specification. [<cite><a
378: href="#ref-html5">HTML5</a></cite>]
1.156 avankest 379:
1.168 avankest 380: <h3 id=extensibility><span class=secno>2.3 </span>Extensibility</h3>
1.2 avankest 381:
1.82 avankest 382: <p>Extensions of the API defined by this specification are <em>strongly
1.31 avankest 383: discouraged</em>. User agents, Working Groups and other interested parties
1.35 avankest 384: should discuss extensions on a relevant public forum, preferably <a
1.31 avankest 385: href="mailto:public-webapi@w3.org">public-webapi@w3.org</a>.
1.2 avankest 386:
1.154 avankest 387: <h2 id=security><span class=secno>3. </span>Security Considerations</h2>
388:
1.155 avankest 389: <p>Apart from requirements affecting security made throughout this
390: specification implementations <em class=ct>may</em>, at their discretion,
1.176 avankest 391: not expose certain headers, such as headers containing HttpOnly cookies.
1.178 avankest 392: [<cite><a href="#ref-httponly">HTTPONLY</a></cite>]
1.154 avankest 393:
394: <h2 id=xmlhttprequest><span class=secno>4. </span>The <code
1.16 avankest 395: title="">XMLHttpRequest</code> Object</h2>
1.2 avankest 396:
1.60 avankest 397: <p>The <code><a href="#xmlhttprequest-object">XMLHttpRequest</a></code>
398: object can be used by scripts to programmatically connect to their
399: originating server via HTTP.
1.2 avankest 400:
401: <p>Objects implementing the <code><a
1.60 avankest 402: href="#xmlhttprequest-object">XMLHttpRequest</a></code> interface <em
403: class=ct>must</em> also implement the <code>EventTarget</code> interface.
1.156 avankest 404: [<cite><a href="#ref-dom2events">DOM2Events</a></cite>]
1.60 avankest 405:
406: <p>Objects implementing the <code title="">Window</code> interface <em
407: class=ct>must</em> provide an <code title="">XMLHttpRequest()</code>
1.156 avankest 408: constructor. [<cite><a href="#ref-html5">HTML5</a></cite>]
1.2 avankest 409:
1.25 avankest 410: <div class=example>
1.60 avankest 411: <p>In ECMAScript this can be used as follows:</p>
1.118 avankest 412:
1.60 avankest 413: <pre><code>var client = new XMLHttpRequest();</code></pre>
1.1 avankest 414: </div>
1.2 avankest 415:
1.60 avankest 416: <p>When the <code title="">XMLHttpRequest()</code> constructor is invoked a
1.158 avankest 417: persistent pointer to the associated <code title="">Document</code> object
418: is stored on the newly created object. This is the <dfn
419: id=document-pointer title="Document pointer"><code>Document</code>
420: pointer</dfn>. The associated <code>Document</code> object is the one
421: returned by the <code>document</code> attribute from the object on which
422: the <code title="">XMLHttpRequest()</code> constructor was invoked (a
423: <code>Window</code> object). The pointer can become "null" if the object
424: is destroyed.
425:
426: <p class=note>As per the conformance criteria implementations are free to
427: implement this in any way they desire as long as the end results are
428: identical to those given by the English prose.
1.2 avankest 429:
1.60 avankest 430: <div class=example>
1.158 avankest 431: <p>If <var><code>iframe</code></var> is a <code title="">Window</code>
1.176 avankest 432: object, <var><code>client</code></var> will have a pointer to
1.158 avankest 433: <var><code>iframe.document</code></var> in the following example:</p>
1.60 avankest 434:
1.158 avankest 435: <pre><code>var client = new iframe.XMLHttpRequest()</code></pre>
1.60 avankest 436: </div>
1.11 avankest 437:
1.60 avankest 438: <pre
1.182 avankest 439: class=idl>[Constructor] interface <dfn id=xmlhttprequest-object>XMLHttpRequest</dfn> {
1.60 avankest 440: // event handler
1.132 avankest 441: attribute EventListener <a href="#onreadystatechange">onreadystatechange</a>;
1.60 avankest 442:
443: // state
1.135 avankest 444: const unsigned short <a href="#unsent-state" title="UNSENT state">UNSENT</a> = 0;
445: const unsigned short <a href="#opened-state" title="OPENED state">OPENED</a> = 1;
1.132 avankest 446: const unsigned short <a href="#headers-received-state" title="HEADERS_RECEIVED state">HEADERS_RECEIVED</a> = 2;
447: const unsigned short <a href="#loading-state" title="LOADING state">LOADING</a> = 3;
448: const unsigned short <a href="#done-state" title="DONE state">DONE</a> = 4;
449: readonly attribute unsigned short <a href="#readystate">readyState</a>;
1.60 avankest 450:
451: // request
1.132 avankest 452: void <a href="#open">open</a>(in DOMString <var>method</var>, in DOMString <var>url</var>);
453: void <a href="#open">open</a>(in DOMString <var>method</var>, in DOMString <var>url</var>, in boolean <var>async</var>);
1.182 avankest 454: void <a href="#open">open</a>(in DOMString <var>method</var>, in DOMString <var>url</var>, in boolean <var>async</var>, [Null=Null, Undefined=Null] in DOMString <var>user</var>);
455: void <a href="#open">open</a>(in DOMString <var>method</var>, in DOMString <var>url</var>, in boolean <var>async</var>, [Null=Null, Undefined=Null] in DOMString <var>user</var>, [Null=Null, Undefined=Null] in DOMString <var>password</var>);
1.132 avankest 456: void <a href="#setrequestheader">setRequestHeader</a>(in DOMString <var>header</var>, in DOMString <var>value</var>);
457: void <a href="#send">send</a>();
1.182 avankest 458: void <a href="#send">send</a>([Null=Null, Undefined=Null] in DOMString <var>data</var>);
1.132 avankest 459: void <a href="#send">send</a>(in Document <var>data</var>);
460: void <a href="#abort">abort</a>();
1.60 avankest 461:
462: // response
1.132 avankest 463: DOMString <a href="#getallresponseheaders">getAllResponseHeaders</a>();
464: DOMString <a href="#getresponseheader">getResponseHeader</a>(in DOMString <var>header</var>);
465: readonly attribute DOMString <a href="#responsetext">responseText</a>;
466: readonly attribute Document <a href="#responsexml">responseXML</a>;
467: readonly attribute unsigned short <a href="#status">status</a>;
468: readonly attribute DOMString <a href="#statustext">statusText</a>;
1.5 avankest 469: };</pre>
1.2 avankest 470:
1.60 avankest 471: <p>The <code><a href="#xmlhttprequest-object">XMLHttpRequest</a></code>
1.135 avankest 472: object can be in five states: <a href="#unsent-state" title="UNSENT
473: state">UNSENT</a>, <a href="#opened-state" title="OPENED
474: state">OPENED</a>, <a href="#headers-received-state"
475: title="HEADERS_RECEIVED state">HEADERS_RECEIVED</a>, <a
476: href="#loading-state" title="LOADING state">LOADING</a> and <a
477: href="#done-state" title="DONE state">DONE</a>. The current state is
478: exposed through the <code><a href="#readystate">readyState</a></code>
479: attribute. The method definitions below define when a state transition
480: takes place.
1.60 avankest 481:
482: <p>When constructed, the <code><a
483: href="#xmlhttprequest-object">XMLHttpRequest</a></code> object <em
1.72 avankest 484: class=ct>must</em> be in the UNSENT state. This state is represented by
1.135 avankest 485: the <dfn id=unsent-state title="UNSENT state"><code>UNSENT</code></dfn>
1.72 avankest 486: constant, whose value is <code>0</code>.
1.60 avankest 487:
1.135 avankest 488: <p>The OPENED state is the state of the object when the <code><a
1.132 avankest 489: href="#open">open()</a></code> method has been successfully invoked.
1.93 avankest 490: During this state request headers can be set using <code><a
1.132 avankest 491: href="#setrequestheader">setRequestHeader()</a></code> and the request can
492: be made using <code><a href="#send">send()</a></code>. This state is
1.135 avankest 493: represented by the <dfn id=opened-state title="OPENED
494: state"><code>OPENED</code></dfn> constant, whose value is <code>1</code>.
1.60 avankest 495:
1.135 avankest 496: <p>The OPENED state has an associated <dfn id=send-flag><code>send()</code>
1.175 avankest 497: flag</dfn> which indicates whether the <code><a
498: href="#send">send()</a></code> method has been invoked. It can be either
499: "true" or "false" and has an initial value of "false".
1.88 avankest 500:
1.124 avankest 501: <p>The HEADERS_RECEIVED state is the state of the object when all response
502: headers have been received. This state is represented by the <dfn
1.132 avankest 503: id=headers-received-state title="HEADERS_RECEIVED
1.124 avankest 504: state"><code>HEADERS_RECEIVED</code></dfn> constant, whose value is
505: <code>2</code>.
506:
507: <p>The LOADING state is the state of the object when the response entity
1.132 avankest 508: body is being received. This state is represented by the <dfn
509: id=loading-state title="LOADING state"><code>LOADING</code></dfn>
510: constant, whose value is <code>3</code>.
1.60 avankest 511:
1.80 avankest 512: <p>The DONE state is the state of the object when either the data transfer
513: has been completed or something went wrong during the transfer (infinite
1.132 avankest 514: redirects for instance). This state is represented by the <dfn
515: id=done-state title="DONE state"><code>DONE</code></dfn> constant, whose
516: value is <code>4</code>.
1.60 avankest 517:
1.125 avankest 518: <p>The DONE state has an associated <dfn id=error-flag>error flag</dfn>
1.175 avankest 519: which indicates some type of network error or abortion. It can be either
520: "true" or "false" and has an initial value of "false".
1.125 avankest 521:
1.89 avankest 522: <p>The <dfn id=response-entity-body>response entity body</dfn> is the
1.132 avankest 523: fragment of the <a href="#entity-body">entity body</a> received so far
1.89 avankest 524: (LOADING state) or the complete entity body (DONE state). If there is no
525: entity body the response entity body is "null".
526:
527: <p>The <dfn id=text-response-entity-body>text response entity body</dfn> is
1.170 avankest 528: a <code>DOMString</code> representing the <a
529: href="#response-entity-body">response entity body</a>. The text response
530: entity body is the return value of the following algorithm:
1.89 avankest 531:
532: <ol>
1.91 avankest 533: <li>
1.168 avankest 534: <p>If the response entity body is "null" return the empty string and
1.108 avankest 535: terminate these steps.</p>
1.91 avankest 536:
537: <li>
1.114 avankest 538: <p>Let <var>charset</var> be "null".
1.112 avankest 539:
540: <li>
1.91 avankest 541: <p>If there is no <code>Content-Type</code> header or there is a
542: <code>Content-Type</code> header which contains a MIME type that is
1.117 avankest 543: <code>text/xml</code>, <code>application/xml</code> or ends in <code
544: title="">+xml</code> (ignoring any parameters) use the rules set forth
1.127 avankest 545: in the XML specifications to determine the character encoding. Let
1.117 avankest 546: <var>charset</var> be the determined character encoding.
1.91 avankest 547:
548: <li>
1.128 avankest 549: <p>If there is a <code>Content-Type</code> header which contains a
1.146 avankest 550: <code>text/html</code> MIME type follow the rules set forth in the
551: HTML 5 specification to determine the character encoding. Let
1.143 avankest 552: <var>charset</var> be the determined character encoding. [<cite><a
1.146 avankest 553: href="#ref-html5">HTML5</a></cite>]
1.119 avankest 554:
555: <li>
1.141 avankest 556: <p>If the MIME type specified by the <code>Content-Type</code> header
557: contains a <code>charset</code> parameter and <var>charset</var> is
558: "null" let <var>charset</var> be the value of that parameter.</p>
1.116 avankest 559:
1.119 avankest 560: <p class=note>The algorithms described by the XML and HTML specifications
561: already take <code>Content-Type</code> into account.</p>
1.112 avankest 562:
563: <li> <!-- This stuff is copied from HTML5. Thanks Hixie! -->
1.114 avankest 564: <p>If <var>charset</var> is "null" then, for each of the rows in the
565: following table, starting with the first one and going down, if the
1.128 avankest 566: first bytes of <var>bytes</var> match the bytes given in the first
567: column, then let <var>charset</var> be the encoding given in the cell in
568: the second column of that row. If there is no match <var>charset</var>
569: remains "null".</p>
1.112 avankest 570:
571: <table>
572: <thead>
573: <tr>
574: <th>Bytes in Hexadecimal
575:
576: <th>Description
577:
578: <tbody>
579: <tr>
580: <td>00 00 FE FF
581:
582: <td>UTF-32BE BOM
583:
584: <tr>
585: <td>FF FE 00 00
586:
587: <td>UTF-32LE BOM
588:
589: <tr>
590: <td>FE FF
591:
592: <td>UTF-16BE BOM
593:
594: <tr>
595: <td>FF FE
596:
597: <td>UTF-16LE BOM
598:
599: <tr>
600: <td>EF BB BF
601:
1.118 avankest 602: <td>UTF-8 BOM<!-- nobody uses this
603: <tr>
604: <td>DD 73 66 73
605: <td>UTF-EBCDIC
1.112 avankest 606: -->
607:
608: </table>
609:
610: <li>
1.114 avankest 611: <p>If <var>charset</var> is "null" let <var>charset</var> be UTF-8.
1.91 avankest 612:
613: <li>
1.108 avankest 614: <p>Return the result of decoding the response entity body using
1.168 avankest 615: <var>charset</var>. Replace bytes or sequences of bytes that are not
1.174 avankest 616: valid according to the <var>charset</var> with a single U+FFFD
617: character.
1.89 avankest 618: </ol>
619:
1.164 avankest 620: <p class=note>Authors are encouraged to simply encode their resources using
621: UTF-8.
622:
1.108 avankest 623: <p>The <dfn id=xml-response-entity-body>XML response entity body</dfn> is
624: either a <code>Document</code> representing the <a
1.127 avankest 625: href="#response-entity-body">response entity body</a> or
626: <code>null</code>. The XML response entity body is the return value of the
627: following algorithm:
1.89 avankest 628:
629: <ol>
1.91 avankest 630: <li>
1.108 avankest 631: <p>If the response entity body is "null" terminate these steps and return
632: <code>null</code>.
1.89 avankest 633:
634: <li>
1.104 avankest 635: <p>If a <code>Content-Type</code> is present and it does not contain a
636: MIME type (ignoring any parameters) that is <code>text/xml</code>,
1.117 avankest 637: <code>application/xml</code> or ends in <code title="">+xml</code>
638: terminate these steps and return <code>null</code>. (Do not terminate
639: these steps if there is no <code>Content-Type</code> header at all.)
1.89 avankest 640:
641: <li>
1.129 avankest 642: <p>Parse the response entity body into a document tree following the
643: rules from the XML specifications. Let the result be <var>parsed
644: document</var>. If this fails (unsupported character encoding, namespace
645: well-formedness error et cetera) terminate these steps return
646: <code>null</code>. [<cite><a href="#ref-xml">XML</a></cite>] [<cite><a
647: href="#ref-xmlns">XMLNS</a></cite>]</p>
648:
649: <p class=note>Scripts in the resulting document tree will not be
650: executed, resources referenced will not be loaded and no associated XSLT
651: will be applied.</p>
1.89 avankest 652:
653: <li>
1.97 avankest 654: <p>Return an object implementing the <code>Document</code> interface
655: representing the <var>parsed document</var>.
1.89 avankest 656: </ol>
657:
1.6 avankest 658: <dl>
1.132 avankest 659: <dt><dfn id=onreadystatechange><code>onreadystatechange</code></dfn> of
1.158 avankest 660: type <code>EventListener</code>
1.2 avankest 661:
662: <dd>
1.158 avankest 663: <p>This attribute is an <a href="#event-handler-attribute">event handler
664: DOM attribute</a> and <em class=ct>must</em> be invoked whenever a
665: <code><a href="#readystatechange">readystatechange</a></code> event is
1.174 avankest 666: targeted at the object.
1.2 avankest 667:
1.132 avankest 668: <dt><dfn id=readystate><code>readyState</code></dfn> of type
1.2 avankest 669: <code>unsigned short</code>, readonly
670:
671: <dd>
1.151 avankest 672: <p>On getting the attribute <em class=ct>must</em> return the value of
673: the constant corresponding to the object's current state.
1.2 avankest 674:
1.132 avankest 675: <dt><dfn id=open title=open><code>open(<var>method</var>, <var>url</var>,
676: <var>async</var>, <var>user</var>, <var>password</var>)</code></dfn>,
677: method
1.2 avankest 678:
1.60 avankest 679: <dd>
680: <p>When invoked, the user agent <em class=ct>must</em> follow the
1.97 avankest 681: following steps (unless otherwise indicated):</p>
1.2 avankest 682:
1.60 avankest 683: <ol>
684: <li>
1.157 avankest 685: <p>Let <var>stored method</var> be the <var>method</var> argument.
686:
687: <li>
688: <p>If <var>stored method</var> does not match the <dfn
689: id=method><code>Method</code> production</dfn>, defined in section
690: 5.1.1 of RFC 2616, raise a <code>SYNTAX_ERR</code> exception and
1.146 avankest 691: terminate these steps. [<cite><a
692: href="#ref-rfc2616">RFC2616</a></cite>]
1.2 avankest 693:
1.60 avankest 694: <li>
1.157 avankest 695: <p>If <var>stored method</var> <a href="#case-insensitive-match"
696: title="case-insensitive match">case-insensitively matches</a>
697: <code>CONNECT</code>, <code>DELETE</code>, <code>GET</code>,
1.176 avankest 698: <code>HEAD</code>, <code>OPTIONS</code>, <code>POST</code>,
1.157 avankest 699: <code>PUT</code>, <code>TRACE</code>, or <code>TRACK</code> let
700: <var>stored method</var> be the canonical uppercase form of the
1.184 ! avankest 701: matched method name.</p>
! 702:
! 703: <p class=note>If it does not match any of the above, it is passed
! 704: through literally, including in the final request.</p>
1.157 avankest 705: </li>
706: <!-- WebKit (and supposedly Firefox) also uppercase: COPY, INDEX, LOCK,
707: M-POST, MKCOL, MOVE, PROPFIND, PROPPATCH, and UNLOCK. -->
708:
709: <li>
710: <p>If <var>stored method</var> is one of <code>CONNECT</code>,
711: <code>TRACE</code>, or <code>TRACK</code> the user agent <em
712: class=ct>should</em> raise a <code><a
1.139 avankest 713: href="#security-err">SECURITY_ERR</a></code> exception and terminate
1.177 avankest 714: these steps.</p>
715:
716: <p class=note><code>TRACK</code> poses a security issue to legacy
717: server deployments.</p>
1.2 avankest 718:
1.60 avankest 719: <li>
720: <p>Drop the fragment identifier (if any) from <var>url</var> and let
721: <var>stored url</var> be the result of that operation.
1.2 avankest 722:
1.60 avankest 723: <li>
1.97 avankest 724: <p>If <var>stored url</var> is a relative reference resolve it using
1.158 avankest 725: the current value of the <code>baseURI</code> attribute of the <a
726: href="#document-pointer"><code>Document</code> pointer</a>. If this
727: fails raise a <code>SYNTAX_ERR</code> exception and terminate these
728: steps.
1.2 avankest 729:
1.60 avankest 730: <li>
1.102 avankest 731: <p>If <var>stored url</var> contains an unsupported scheme raise a
732: <code>NOT_SUPPORTED_ERR</code> and terminate these steps.
733:
734: <li>
1.60 avankest 735: <p>If the <code>"user:password"</code> format in the
736: <code>userinfo</code> production defined in section 3.2.1 of RFC 3986
737: is not supported for the relevant scheme and <var>stored url</var>
1.99 avankest 738: contains this format raise a <code>SYNTAX_ERR</code> and terminate
739: these steps. [<cite><a href="#ref-rfc3986">RFC3986</a></cite>]
1.2 avankest 740:
1.60 avankest 741: <li>
742: <p>If <var>stored url</var> contains the <code>"user:password"</code>
743: format let <var>stored user</var> be the user part and <var>stored
744: password</var> be the password part.
1.2 avankest 745:
1.60 avankest 746: <li>
747: <p>If <var>stored url</var> just contains the <code>"user"</code>
748: format let <var>stored user</var> be the user part.
1.24 avankest 749:
1.60 avankest 750: <li>
1.142 avankest 751: <p>If <var>stored url</var> is not of the <a
1.158 avankest 752: href="#same-origin">same-origin</a> as the <a
753: href="#origin">origin</a> of the <a
754: href="#document-pointer"><code>Document</code> pointer</a> the user
755: agent <em class=ct>should</em> raise a <code><a
1.148 avankest 756: href="#security-err">SECURITY_ERR</a></code> exception and terminate
1.158 avankest 757: these steps.
1.70 avankest 758:
1.60 avankest 759: <li>
760: <p>Let <var>async</var> be the value of the <var>async</var> argument
1.103 avankest 761: or <code>true</code> if it was omitted.
1.60 avankest 762:
763: <li>
1.127 avankest 764: <p>If the <var>user</var> argument was not omitted, and its syntax does
765: not match that specified by the relevant authentication scheme, raise
766: a <code>SYNTAX_ERR</code> exception and terminate these steps.
1.60 avankest 767:
768: <li>
769: <p>If the <var>user</var> argument was not omitted and is not
770: <code>null</code> let <var>stored user</var> be <var>user</var>
771: encoded using the encoding specified in the relevant authentication
772: scheme or UTF-8 if the scheme fails to specify an encoding.</p>
1.2 avankest 773:
1.60 avankest 774: <p class=note>This step overrides any user that may have been set by
775: the <var>url</var> argument.</p>
1.17 avankest 776:
1.60 avankest 777: <li>
778: <p>If the <var>user</var> argument was not omitted and is
779: <code>null</code> remove <var>stored user</var>.
1.17 avankest 780:
1.60 avankest 781: <li>
782: <p>If the <var>password</var> argument was not omitted and its syntax
783: does not match that specified by the relevant authentication scheme
1.99 avankest 784: raise a <code>SYNTAX_ERR</code> exception and terminate these steps.
1.17 avankest 785:
1.60 avankest 786: <li>
787: <p>If the <var>password</var> argument was not omitted and is not
788: <code>null</code> let <var>stored password</var> be
789: <var>password</var> encoded using the encoding specified in the
790: relevant authentication scheme or UTF-8 if the scheme fails to specify
791: an encoding.
1.17 avankest 792:
1.60 avankest 793: <li>
794: <p>If the <var>password</var> argument was not omitted and is
795: <code>null</code> remove <var>stored password</var>.
1.17 avankest 796:
1.60 avankest 797: <li>
1.109 avankest 798: <p><a href="#abort-send-algorithm" title="abort send()">Abort the
799: <code>send()</code> algorithm</a>, set <a
800: href="#response-entity-body">response entity body</a> to "null" and
801: reset the list of request headers.
1.17 avankest 802:
1.60 avankest 803: <p>
1.44 avankest 804:
1.176 avankest 805: <p class=note>This step and the next only has effect if <code><a
806: href="#send">send()</a></code> and/or <code><a
807: href="#setrequestheader">setRequestHeader()</a></code> has been used.</p>
808:
1.60 avankest 809: <li>
1.109 avankest 810: <p>The user agent <em class=ct>should</em> cancel any network activity
811: for which the object is responsible.
1.60 avankest 812: </li>
813: <!-- we can hardly require it... -->
1.22 avankest 814:
1.60 avankest 815: <li>
1.135 avankest 816: <p>Switch the object to the <a href="#opened-state" title="OPENED
817: state">OPENED</a> state, set the <a
1.132 avankest 818: href="#send-flag"><code>send()</code> flag</a> to "false" and then
819: synchronously dispatch a <code><a
820: href="#readystatechange">readystatechange</a></code> event on the
1.97 avankest 821: object and return the method call.
1.60 avankest 822: </ol>
1.24 avankest 823:
1.25 avankest 824: <p class=note>A future version or extension of this specification will
1.35 avankest 825: most likely define a way of doing cross-site requests.</p>
1.26 avankest 826:
1.132 avankest 827: <dt><dfn id=setrequestheader
1.25 avankest 828: title=setrequestheader><code>setRequestHeader(<var>header</var>,
1.18 avankest 829: <var>value</var>)</code></dfn>, method
1.6 avankest 830:
831: <dd>
1.164 avankest 832: <p>Each request has a list of request headers with associated values. The
833: <code><a href="#setrequestheader">setRequestHeader()</a></code> method
834: can be used to manipulate those values and set new request headers.</p>
835:
836: <p class=note>The <code><a
837: href="#setrequestheader">setRequestHeader()</a></code> method appends a
838: value if the HTTP header given as argument is already part of the list
839: of request headers.</p>
1.47 avankest 840:
1.60 avankest 841: <p>When invoked, the user agent <em class=ct>must</em> follow the
1.97 avankest 842: following steps (unless otherwise indicated):</p>
1.60 avankest 843:
844: <ol>
845: <li>
1.135 avankest 846: <p>If the state of the object is not <a href="#opened-state"
847: title="OPENED state">OPENED</a> raise an
848: <code>INVALID_STATE_ERR</code> exception and terminate these steps.
1.6 avankest 849:
1.60 avankest 850: <li>
1.104 avankest 851: <p>If the <a href="#send-flag"><code>send()</code> flag</a> is "true"
1.99 avankest 852: raise an <code>INVALID_STATE_ERR</code> exception and terminate these
1.97 avankest 853: steps.
1.60 avankest 854:
855: <li>
1.98 avankest 856: <p>If the <var>header</var> argument does not match the <dfn
1.60 avankest 857: id=field-name><code>field-name</code> production</dfn> as defined by
1.182 avankest 858: section 4.2 of RFC 2616 raise a <code>SYNTAX_ERR</code> exception and
859: terminate these steps. [<cite><a
1.146 avankest 860: href="#ref-rfc2616">RFC2616</a></cite>]
1.71 avankest 861:
862: <li>
1.98 avankest 863: <p>If the <var>value</var> argument does not match the <dfn
1.60 avankest 864: id=field-value><code>field-value</code> production</dfn> as defined by
1.99 avankest 865: section 4.2 of RFC 2616 raise a <code>SYNTAX_ERR</code> and terminate
1.179 avankest 866: these steps. [<cite><a href="#ref-rfc2616">RFC2616</a></cite>]</p>
867:
868: <p class=note>The empty string is legal.</p>
1.60 avankest 869:
870: <li>
1.133 avankest 871: <p>For security reasons, these steps <em class=ct>should</em> be
1.99 avankest 872: terminated if the <var>header</var> argument <a
873: href="#case-insensitive-match" title="case-insensitive
874: match">case-insensitively matches</a> one of the following headers:</p>
1.34 avankest 875:
876: <ul>
877: <li><code>Accept-Charset</code>
878:
879: <li><code>Accept-Encoding</code>
880:
1.177 avankest 881: <li><code>Authorization</code>
882:
1.69 avankest 883: <li><code>Connection</code>
884:
1.34 avankest 885: <li><code>Content-Length</code>
886:
1.177 avankest 887: <li><code>Cookie</code>
888:
889: <li><code>Cookie2</code>
890:
1.69 avankest 891: <li><code>Content-Transfer-Encoding</code>
892:
893: <li><code>Date</code>
894:
1.34 avankest 895: <li><code>Expect</code>
896:
897: <li><code>Host</code>
898:
899: <li><code>Keep-Alive</code>
900:
901: <li><code>Referer</code>
902:
903: <li><code>TE</code>
904:
905: <li><code>Trailer</code>
906:
907: <li><code>Transfer-Encoding</code>
908:
909: <li><code>Upgrade</code>
1.69 avankest 910:
911: <li><code>Via</code>
1.34 avankest 912: </ul>
1.6 avankest 913:
1.60 avankest 914: <li>
1.133 avankest 915: <p>Also for security reasons, these steps <em class=ct>should</em> be
1.169 avankest 916: terminated if the start of the <var>header</var> argument <a
917: href="#case-insensitive-match" title="case-insensitive
918: match">case-insensitively matches</a> <code>Proxy-</code> or
919: <code>Sec-</code>.
1.133 avankest 920:
921: <li>
1.60 avankest 922: <p>If the <var>header</var> argument is not in the list of request
1.97 avankest 923: headers append the <var>header</var> with its associated
1.99 avankest 924: <var>value</var> to the list and terminate these steps.
1.46 avankest 925:
1.60 avankest 926: <li>
927: <p>If the <var>header</var> argument is in the list of request headers
1.97 avankest 928: either use multiple headers, combine the values or use a combination
929: of those (section 4.2, RFC 2616). [<cite><a
1.146 avankest 930: href="#ref-rfc2616">RFC2616</a></cite>]
1.97 avankest 931: </li>
932: <!-- XXX it seems UAs always combine the values -->
1.60 avankest 933: </ol>
1.18 avankest 934:
1.132 avankest 935: <p class=note>See also the <code><a href="#send">send()</a></code> method
936: regarding user agent header handling for caching, authentication,
1.47 avankest 937: proxies, and cookies.</p>
938:
1.25 avankest 939: <div class=example>
1.60 avankest 940: <pre><code>// The following script:
1.18 avankest 941: var client = new XMLHttpRequest();
942: client.open('GET', 'demo.cgi');
943: client.setRequestHeader('X-Test', 'one');
944: client.setRequestHeader('X-Test', 'two');
945: client.send();
946:
947: // ...would result in the following header being sent:
948: ...
949: X-Test: one, two
1.60 avankest 950: ...</code></pre>
1.18 avankest 951: </div>
1.6 avankest 952:
1.132 avankest 953: <dt><dfn id=send title=send><code>send(<var>data</var>)</code></dfn>,
1.25 avankest 954: method
1.2 avankest 955:
956: <dd>
1.132 avankest 957: <p>The <code><a href="#send">send()</a></code> method initiates the
1.107 avankest 958: request and its optional argument provides the <a
1.164 avankest 959: href="#entity-body">entity body</a>.</p>
960:
961: <p class=note>Authors are encouraged to ensure that they have specified
962: the <code>Content-Type</code> header via <code><a
963: href="#setrequestheader">setRequestHeader()</a></code> before invoking
964: <code><a href="#send">send()</a></code> with a non-<code>null</code>
965: <var>data</var> argument.</p>
1.60 avankest 966:
967: <p>When invoked, the user agent <em class=ct>must</em> follow the
1.109 avankest 968: following steps (unless otherwise noted). Note that this algorithm might
1.132 avankest 969: get aborted if the <code><a href="#open">open()</a></code> or <code><a
970: href="#abort">abort()</a></code> method is invoked. When the <dfn
971: id=abort-send-algorithm title="abort send()"><code>send()</code>
972: algorithm is aborted</dfn> the user agent <em class=ct>must</em>
973: terminate the algorithm after finishing the step it is on.</p>
1.109 avankest 974:
975: <p class=note>The following algorithm can not be aborted through script
976: when <var>async</var> is <code>false</code>. It can only be aborted when
977: <var>async</var> is <code>true</code> and only after the method call has
978: returned.</p>
1.60 avankest 979:
980: <ol>
981: <li>
1.135 avankest 982: <p>If the state of the object is not <a href="#opened-state"
983: title="OPENED state">OPENED</a> raise an
984: <code>INVALID_STATE_ERR</code> exception and terminate these steps.
1.60 avankest 985:
986: <li>
1.104 avankest 987: <p>If the <a href="#send-flag"><code>send()</code> flag</a> is "true"
1.99 avankest 988: raise an <code>INVALID_STATE_ERR</code> exception and terminate these
1.97 avankest 989: steps.
1.60 avankest 990:
991: <li>
1.104 avankest 992: <p>If <var>async</var> is <code>true</code> set the <a
993: href="#send-flag"><code>send()</code> flag</a> to "true".
1.103 avankest 994:
995: <li>
1.184 ! avankest 996: <p>If <var>stored method</var> is <code>GET</code> or <code>HEAD</code>
! 997: act as if the <var>data</var> argument is <code>null</code>.</p>
1.167 avankest 998:
1.60 avankest 999: <p>If the <var>data</var> argument has not been omitted and is not
1.132 avankest 1000: <code>null</code> use it for the <dfn id=entity-body>entity body</dfn>
1001: as defined by section 7.2 of RFC 2616 observing the following rules:
1.146 avankest 1002: [<cite><a href="#ref-rfc2616">RFC2616</a></cite>]</p>
1.60 avankest 1003:
1.120 avankest 1004: <dl class=switch>
1.60 avankest 1005: <dt><var>data</var> is a <code>DOMString</code>
1006:
1.79 avankest 1007: <dd>
1.164 avankest 1008: <p>Encode <var>data</var> using UTF-8 for transmission.</p>
1009:
1.165 avankest 1010: <p>If a <code>Content-Type</code> header is set using <code><a
1011: href="#setrequestheader">setRequestHeader()</a></code> set the
1012: <code>charset</code> parameter of that header to <code>UTF-8</code>.</p>
1.60 avankest 1013:
1014: <dt><var>data</var> is a <code>Document</code>
1015:
1016: <dd>
1.182 avankest 1017: <p>Let <var>data</var> be <code><var>data</var>.innerHTML</code> as
1.183 avankest 1018: defined by section 2.5 of HTML 5. Encode it using
1.184 ! avankest 1019: <code><var>data</var>.inputEncoding</code> or UTF-8 if
! 1020: <code><var>data</var>.inputEncoding</code> is <code>null</code>.
! 1021: Re-raise any exceptions the <code><var>data</var>.innerHTML</code>
! 1022: getter algorithm raises. [<cite><a
! 1023: href="#ref-html5">HTML5</a></cite>]</p>
1.182 avankest 1024:
1025: <p class=note>If the document cannot be serialized the
1026: <code>document.innerHTML</code> algorithm raises an
1027: <code>INVALID_STATE_ERR</code> exception.</p>
1.166 avankest 1028:
1029: <p>If no <code>Content-Type</code> header has been set using <code><a
1.176 avankest 1030: href="#setrequestheader">setRequestHeader()</a></code> set a
1031: <code>Content-Type</code> request header with a value of
1032: <code>application/xml;charset=<var>charset</var></code> where
1033: <var>charset</var> is the encoding used to encode the document.</p>
1.60 avankest 1034:
1035: <p class=note>Subsequent changes to the <code>Document</code> have no
1036: effect on what is submitted.</p>
1037:
1038: <dt><var>data</var> is not a <code>DOMString</code> or
1039: <code>Document</code>
1040:
1.79 avankest 1041: <dd>
1.97 avankest 1042: <p>Use the stringification mechanisms of the host language on
1043: <var>data</var> and treat the result as if <var>data</var> is a
1.167 avankest 1044: <code>DOMString</code>. Or, if this fails, act as if the
1045: <var>data</var> argument is <code>null</code>.
1.60 avankest 1046: </dl>
1047:
1.127 avankest 1048: <p>If the <var>data</var> argument has been omitted, or is
1049: <code>null</code>, no entity body is used in the request.</p>
1.60 avankest 1050:
1051: <li>
1.72 avankest 1052: <p>Make a request to <var>stored url</var>, using HTTP method
1053: <var>stored method</var>, user <var>stored user</var> (if provided)
1054: and password <var>stored password</var> (if provided), taking into
1055: account the entity body, list of request headers and the rules listed
1056: directly after this set of steps.
1.60 avankest 1057:
1058: <li>
1.97 avankest 1059: <p>Synchronously dispatch a <code><a
1.132 avankest 1060: href="#readystatechange">readystatechange</a></code> event on the
1.97 avankest 1061: object.</p>
1062:
1063: <p class=note>The state of the object does not change. The event is
1064: dispatched for historical reasons.</p>
1.68 avankest 1065:
1066: <li>
1.103 avankest 1067: <p>If <var>async</var> is <code>true</code> return the <code><a
1.132 avankest 1068: href="#send">send()</a></code> method call. (Do not terminate the
1.103 avankest 1069: steps in the algorithm though.)
1.60 avankest 1070:
1071: <li>
1.176 avankest 1072: <p>While executing the request the following rules are to be observed.</p>
1.119 avankest 1073:
1.120 avankest 1074: <dl class=switch>
1.119 avankest 1075: <dt>If the response is an HTTP redirect
1076:
1077: <dd>
1.146 avankest 1078: <p>If the redirect does not violate security (it is <a
1079: href="#same-origin">same-origin</a> for instance) or infinite loop
1080: precautions and the scheme is supported transparently follow the
1.167 avankest 1081: redirect and go to the start of this step (step 8).</p>
1.119 avankest 1082:
1083: <p class=note>HTTP places requirements on the user agent regarding
1084: the preservation of the request method and entity body during
1085: redirects, and also requires users to be notified of certain kinds
1086: of automatic redirections.</p>
1087: <!-- Arguably HTTP should be fixed for the latter case. No browser
1088: follows that as far as I know. -->
1089:
1090: <p>Otherwise, follow the following set of steps:</p>
1091:
1092: <ol>
1093: <li>
1.125 avankest 1094: <p>Set the <a href="#response-entity-body">response entity body</a>
1095: to "null", the <a href="#error-flag">error flag</a> to "true" and
1096: reset the list of request headers.
1.119 avankest 1097:
1098: <li>
1.132 avankest 1099: <p>Synchronously switch the state to <a href="#done-state"
1100: title="DONE state">DONE</a>.
1.119 avankest 1101:
1102: <li>
1103: <p>If <var>async</var> is set to <code>false</code> raise a
1104: <code><a href="#network-err">NETWORK_ERR</a></code> exception and
1105: terminate the overall algorithm.
1106:
1107: <li>
1108: <p>Synchronously dispatch a <code><a
1.132 avankest 1109: href="#readystatechange">readystatechange</a></code> event on the
1110: object.
1.119 avankest 1111:
1112: <li>
1113: <p>Terminate the overall algorithm.
1114: </ol>
1115:
1116: <p class=note>It is likely that a future version of the <code><a
1117: href="#xmlhttprequest-object">XMLHttpRequest</a></code> object will
1118: dispatch an <code>error</code> event here as well.</p>
1119:
1120: <dt>If the user cancels the download
1121:
1122: <dd>
1123: <p>Run the following set of steps:</p>
1124:
1125: <ol>
1126: <li>
1.125 avankest 1127: <p>Set the <a href="#response-entity-body">response entity body</a>
1128: to "null", the <a href="#error-flag">error flag</a> to "true" and
1129: reset the list of request headers.
1.119 avankest 1130:
1131: <li>
1.132 avankest 1132: <p>Synchronously switch the state to <a href="#done-state"
1133: title="DONE state">DONE</a>.
1.119 avankest 1134:
1135: <li>
1.122 avankest 1136: <p>If <var>async</var> is set to <code>false</code> raise an
1137: <code><a href="#abort-err">ABORT_ERR</a></code> exception and
1.119 avankest 1138: terminate the overall algorithm.
1139:
1140: <li>
1141: <p>Synchronously dispatch a <code><a
1.132 avankest 1142: href="#readystatechange">readystatechange</a></code> event on the
1143: object.
1.119 avankest 1144:
1145: <li>
1146: <p>Terminate the overall algorithm.
1147: </ol>
1148:
1149: <p class=note>It is likely that a future version of the <code><a
1150: href="#xmlhttprequest-object">XMLHttpRequest</a></code> object will
1.122 avankest 1151: dispatch an <code title="">abort</code> event here as well.</p>
1.119 avankest 1152:
1153: <dt>In case of network errors
1.118 avankest 1154:
1.119 avankest 1155: <dd>
1.177 avankest 1156: <p>In case of DNS errors, timeout, TLS negotiation failure, or other
1157: type of network errors, run the following set of steps. <span
1158: class=note>This does not include HTTP responses that indicate some
1159: type of error, such as HTTP status code 410.</span></p>
1.119 avankest 1160:
1161: <ol>
1162: <li>
1.125 avankest 1163: <p>Set the <a href="#response-entity-body">response entity body</a>
1164: to "null", the <a href="#error-flag">error flag</a> to "true" and
1165: reset the list of request headers.
1.119 avankest 1166:
1167: <li>
1.132 avankest 1168: <p>Synchronously switch the state to <a href="#done-state"
1169: title="DONE state">DONE</a>.
1.119 avankest 1170:
1171: <li>
1172: <p>If <var>async</var> is set to <code>false</code> raise a
1173: <code><a href="#network-err">NETWORK_ERR</a></code> exception and
1174: terminate the overall algorithm.
1175:
1176: <li>
1177: <p>Synchronously dispatch a <code><a
1.132 avankest 1178: href="#readystatechange">readystatechange</a></code> event on the
1179: object.
1.119 avankest 1180:
1181: <li>
1182: <p>Terminate the overall algorithm.
1183: </ol>
1184:
1185: <p class=note>It is likely that a future version of the <code><a
1186: href="#xmlhttprequest-object">XMLHttpRequest</a></code> object will
1187: dispatch an <code>error</code> event here as well.</p>
1188:
1189: <dt>Once all HTTP headers have been received
1.60 avankest 1190:
1.119 avankest 1191: <dd>
1192: <p>If all HTTP headers have been received, before receiving the
1.124 avankest 1193: message body (if any), run the following steps:</p>
1.60 avankest 1194:
1.119 avankest 1195: <ol>
1196: <li>
1.132 avankest 1197: <p>Synchronously switch the state to <a
1198: href="#headers-received-state" title="HEADERS_RECEIVED
1199: state">HEADERS_RECEIVED</a>.
1.119 avankest 1200:
1201: <li>
1202: <p>Synchronously dispatch a <code><a
1.132 avankest 1203: href="#readystatechange">readystatechange</a></code> event on the
1204: object.
1.124 avankest 1205: </ol>
1206:
1207: <dt>Once the first byte (or more) of the response entity body has been
1208: received
1209:
1210: <dt>If there is no response entity body
1.119 avankest 1211:
1.124 avankest 1212: <dd>
1213: <ol>
1.119 avankest 1214: <li>
1.132 avankest 1215: <p>Synchronously switch the state to <a href="#loading-state"
1.119 avankest 1216: title="LOADING state">LOADING</a>.
1217:
1218: <li>
1219: <p>Synchronously dispatch a <code><a
1.132 avankest 1220: href="#readystatechange">readystatechange</a></code> event on the
1221: object.
1.119 avankest 1222: </ol>
1223: </dl>
1.60 avankest 1224:
1.125 avankest 1225: <p>Finally, once the complete resource has been downloaded go to the
1226: next step.</p>
1.60 avankest 1227:
1228: <li>
1.83 avankest 1229: <p>When the request has successfully completed loading, synchronously
1.132 avankest 1230: switch the state to <a href="#done-state" title="DONE state">DONE</a>
1231: and then synchronously dispatch a <code><a
1232: href="#readystatechange">readystatechange</a></code> event on the
1.97 avankest 1233: object and return the method call in case of <var>async</var> being
1234: <code>false</code>.
1.60 avankest 1235: </ol>
1.19 avankest 1236:
1.92 avankest 1237: <p>If the user agent allows the user to configure a proxy it <em
1.25 avankest 1238: class=ct>should</em> modify the request appropriately; <abbr title="in
1.2 avankest 1239: other words">i.e.</abbr>, connect to the proxy host instead of the
1240: origin server, modify the <code>Request-Line</code> and send
1241: <code>Proxy-Authorization</code> headers as specified.</p>
1242:
1.44 avankest 1243: <p>If the user agent supports HTTP Authentication it <em
1244: class=ct>should</em> consider requests originating from this object to
1245: be part of the protection space that includes the accessed URIs and send
1.19 avankest 1246: <code>Authorization</code> headers and handle <code>401
1.138 avankest 1247: Unauthorized</code> requests appropriately. If authentication fails,
1.44 avankest 1248: user agents <em class=ct>should</em> prompt the users for credentials.
1249: [<cite><a href="#ref-rfc2617">RFC2617</a></cite>]</p>
1.19 avankest 1250:
1.59 avankest 1251: <p>If the user agent supports HTTP State Management it <em
1.44 avankest 1252: class=ct>should</em> persist, discard and send cookies (as received in
1253: the <code>Set-Cookie</code> and <code>Set-Cookie2</code> response
1254: headers, and sent in the <code>Cookie</code> header) as applicable.
1.179 avankest 1255: [<cite><a href="#ref-rfc2109">RFC2109</a></cite>] [<cite><a
1256: href="#ref-rfc2965">RFC2965</a></cite>]</p>
1257: <!-- These specs do not match reality. -->
1.44 avankest 1258: <p>If the user agent implements a HTTP cache it <em class=ct>should</em>
1259: respect <code>Cache-Control</code> request headers set by the script
1260: (<abbr title="for example">e.g.</abbr>, <code>Cache-Control:
1261: no-cache</code> bypasses the cache). It <em class=ct>must not</em> send
1.25 avankest 1262: <code>Cache-Control</code> or <code>Pragma</code> request headers
1.138 avankest 1263: automatically unless the user explicitly requests such behavior
1.180 avankest 1264: (<abbr>e.g.</abbr>, by (force-)reloading the page).</p>
1265:
1266: <p>For <code>304 Not Modified</code> responses that are a result of a
1267: user agent generated conditional request the user agent <em
1268: class=ct>must</em> act as if the server gave a <code>200 OK</code>
1269: response with the appropriate content. The user agent <em
1.44 avankest 1270: class=ct>must</em> allow scripts to override automatic cache validation
1271: by setting request headers (e.g., <code>If-None-Match</code>,
1.16 avankest 1272: <code>If-Modified-Since</code>), in which case <code>304 Not
1.44 avankest 1273: Modified</code> responses <em class=ct>must</em> be passed through.
1.146 avankest 1274: [<cite><a href="#ref-rfc2616">RFC2616</a></cite>]</p>
1.2 avankest 1275:
1.44 avankest 1276: <p>If the user agent implements server-driven content-negotiation it <em
1.162 avankest 1277: class=ct>should</em> set <code>Accept-Encoding</code> and
1.175 avankest 1278: <code>Accept-Charset</code> headers as appropriate. Unless set through
1279: <code><a href="#setrequestheader">setRequestHeader()</a></code> user
1280: agents <em class=ct>should</em> set the <code>Accept</code> and
1.181 avankest 1281: <code>Accept-Language</code> headers as well. If <code>Accept</code> is
1282: set by the user agent it <em class=ct>must</em> have the value
1283: <code>*/*</code>. Responses <em class=ct>must</em> have the
1284: content-encodings automatically decoded. [<cite><a
1285: href="#ref-rfc2616">RFC2616</a></cite>]</p>
1.18 avankest 1286:
1.132 avankest 1287: <dt><dfn id=abort><code>abort()</code></dfn>, method
1.6 avankest 1288:
1289: <dd>
1.62 avankest 1290: <p>When invoked, the user agent <em class=ct>must</em> run the following
1.97 avankest 1291: steps (unless otherwise noted):</p>
1.6 avankest 1292:
1.62 avankest 1293: <ol>
1294: <li>
1.109 avankest 1295: <p><a href="#abort-send-algorithm" title="abort send()">Abort the
1296: <code>send()</code> algorithm</a>, set the <a
1.125 avankest 1297: href="#response-entity-body">response entity body</a> to "null", the
1.136 avankest 1298: <a href="#error-flag">error flag</a> to "true" and remove any
1299: registered request headers.
1.62 avankest 1300:
1301: <li>
1.109 avankest 1302: <p>The user agent <em class=ct>should</em> cancel any network activity
1303: for which the object is responsible.
1.62 avankest 1304:
1.80 avankest 1305: <li>
1.135 avankest 1306: <p>If the state is <a href="#unsent-state" title="UNSENT
1307: state">UNSENT</a>, <a href="#opened-state" title="OPENED
1308: state">OPENED</a> and the <a href="#send-flag"><code>send()</code>
1309: flag</a> is "false", or <a href="#done-state" title="DONE
1310: state">DONE</a> go to the next step.</p>
1.84 avankest 1311:
1.132 avankest 1312: <p>Otherwise, switch the state to <a href="#done-state" title="DONE
1.136 avankest 1313: state">DONE</a>, set the <a href="#send-flag"><code>send()</code>
1314: flag</a> to "false" and synchronously dispatch a <code><a
1.132 avankest 1315: href="#readystatechange">readystatechange</a></code> event on the
1.84 avankest 1316: object.</p>
1.68 avankest 1317:
1.62 avankest 1318: <li>
1.135 avankest 1319: <p>Switch the state to <a href="#unsent-state" title="UNSENT
1.98 avankest 1320: state">UNSENT</a>. (Do not dispatch the <code><a
1.132 avankest 1321: href="#readystatechange">readystatechange</a></code> event.)</p>
1.62 avankest 1322:
1.83 avankest 1323: <p class=note>It is likely that a future version of the <code><a
1324: href="#xmlhttprequest-object">XMLHttpRequest</a></code> object will
1325: dispatch an <code title="">abort</code> event here as well.</p>
1.62 avankest 1326: </ol>
1.26 avankest 1327:
1.6 avankest 1328: <dt><dfn
1.132 avankest 1329: id=getallresponseheaders><code>getAllResponseHeaders()</code></dfn>,
1.13 avankest 1330: method
1.2 avankest 1331:
1332: <dd>
1.62 avankest 1333: <p>When invoked, the user agent <em class=ct>must</em> run the following
1334: steps:</p>
1.60 avankest 1335:
1336: <ol>
1.77 avankest 1337: <li>
1.135 avankest 1338: <p>If the state is <a href="#unsent-state" title="UNSENT
1339: state">UNSENT</a> or <a href="#opened-state" title="OPENED
1340: state">OPENED</a> raise an <code>INVALID_STATE_ERR</code> exception
1341: and terminate these steps.
1.125 avankest 1342:
1343: <li>
1.171 avankest 1344: <p>If the <a href="#error-flag">error flag</a> is "true" return the
1345: empty string and terminate these steps.
1.77 avankest 1346:
1347: <li>
1.97 avankest 1348: <p>Return all the HTTP headers, as a single string, with each header
1.168 avankest 1349: line separated by a U+000D (CR) U+000A (LF) pair excluding the status
1.97 avankest 1350: line.
1.60 avankest 1351: </ol>
1.6 avankest 1352:
1.25 avankest 1353: <div class=example>
1.60 avankest 1354: <pre><code>// The following script:
1.6 avankest 1355: var client = new XMLHttpRequest();
1.18 avankest 1356: client.open("GET", "test.txt", true);
1.6 avankest 1357: client.send();
1.16 avankest 1358: client.onreadystatechange = function() {
1.180 avankest 1359: if(this.readyState == 2) {
1.16 avankest 1360: print(this.getAllResponseHeaders());
1361: }
1362: }
1.6 avankest 1363:
1364: // ...should output something similar to the following text:
1365: Date: Sun, 24 Oct 2004 04:58:38 GMT
1366: Server: Apache/1.3.31 (Unix)
1367: Keep-Alive: timeout=15, max=99
1368: Connection: Keep-Alive
1369: Transfer-Encoding: chunked
1.60 avankest 1370: Content-Type: text/plain; charset=utf-8</code></pre>
1.6 avankest 1371: </div>
1372:
1.132 avankest 1373: <dt><dfn id=getresponseheader
1.25 avankest 1374: title=getresponseheader><code>getResponseHeader(<var>header</var>)</code></dfn>,
1.13 avankest 1375: method
1.2 avankest 1376:
1.6 avankest 1377: <dd>
1.60 avankest 1378: <p>When the method is invoked, the user agent <em class=ct>must</em> run
1379: the following steps:</p>
1380:
1381: <ol>
1.77 avankest 1382: <li>
1.135 avankest 1383: <p>If the state is <a href="#unsent-state" title="UNSENT
1384: state">UNSENT</a> or <a href="#opened-state" title="OPENED
1385: state">OPENED</a> raise an <code>INVALID_STATE_ERR</code> exception
1386: and terminate these steps.
1.125 avankest 1387:
1388: <li>
1.150 avankest 1389: <p>If the <var>header</var> argument does not match the <a
1.172 avankest 1390: href="#field-name"><code>field-name</code> production</a> return
1391: <code>null</code> and terminate these steps.
1.150 avankest 1392:
1393: <li>
1.125 avankest 1394: <p>If the <a href="#error-flag">error flag</a> is "true" return
1395: <code>null</code> and terminate these steps.
1.17 avankest 1396:
1.77 avankest 1397: <li>
1.81 avankest 1398: <p>If the <var>header</var> argument <a href="#case-insensitive-match"
1399: title="case-insensitive match">case-insensitively matches</a> multiple
1.128 avankest 1400: HTTP headers for the last request sent, return the values of these
1.97 avankest 1401: headers as a single concatenated string separated from each other by
1.168 avankest 1402: an U+002C followed by an U+0020 character and terminate these steps.
1.77 avankest 1403:
1404: <li>
1.81 avankest 1405: <p>If the <var>header</var> argument <a href="#case-insensitive-match"
1406: title="case-insensitive match">case-insensitively matches</a> a single
1.97 avankest 1407: HTTP header for the last request sent return the value of that header
1.99 avankest 1408: and terminate these steps.
1.77 avankest 1409:
1410: <li>
1.97 avankest 1411: <p>Return <code>null</code>.
1.60 avankest 1412: </ol>
1.17 avankest 1413:
1.25 avankest 1414: <div class=example>
1.60 avankest 1415: <pre><code>// The following script:
1.1 avankest 1416: var client = new XMLHttpRequest();
1.18 avankest 1417: client.open("GET", "test.txt", true);
1.6 avankest 1418: client.send();
1.16 avankest 1419: client.onreadystatechange = function() {
1.180 avankest 1420: if(this.readyState == 2) {
1.18 avankest 1421: print(client.getResponseHeader("Content-Type"));
1.16 avankest 1422: }
1423: }
1.1 avankest 1424:
1.6 avankest 1425: // ...should output something similar to the following text:
1.164 avankest 1426: text/plain; charset=utf-8</code></pre>
1.2 avankest 1427: </div>
1428:
1.132 avankest 1429: <dt><dfn id=responsetext><code>responseText</code></dfn> of type
1.9 avankest 1430: <code>DOMString</code>, readonly
1.6 avankest 1431:
1432: <dd>
1.89 avankest 1433: <p>On getting, the user agent <em class=ct>must</em> run the following
1434: steps:</p>
1435:
1436: <ol>
1437: <li>
1.132 avankest 1438: <p>If the state is not <a href="#loading-state" title="LOADING
1439: state">LOADING</a> or <a href="#done-state" title="DONE
1.170 avankest 1440: state">DONE</a> return the empty string and terminate these steps.
1.6 avankest 1441:
1.89 avankest 1442: <li>
1443: <p>Return the <a href="#text-response-entity-body">text response entity
1444: body</a>.
1445: </ol>
1.12 avankest 1446:
1.132 avankest 1447: <dt><dfn id=responsexml><code>responseXML</code></dfn> of type
1.9 avankest 1448: <code>Document</code>, readonly
1.6 avankest 1449:
1450: <dd>
1.76 avankest 1451: <p>On getting, the user agent <em class=ct>must</em> run the following
1452: steps:</p>
1453:
1454: <ol>
1455: <li>
1.132 avankest 1456: <p>If the state is not <a href="#done-state" title="DONE
1.170 avankest 1457: state">DONE</a> return <code>null</code> and terminate these steps.
1.76 avankest 1458:
1459: <li>
1.89 avankest 1460: <p>Return the <a href="#xml-response-entity-body">XML response entity
1461: body</a>.
1.76 avankest 1462: </ol>
1.12 avankest 1463:
1.132 avankest 1464: <dt><dfn id=status><code>status</code></dfn> of type <code>unsigned
1.9 avankest 1465: short</code>, readonly
1.6 avankest 1466:
1467: <dd>
1.73 avankest 1468: <p>On getting, if available, it <em class=ct>must</em> return the HTTP
1469: status code sent by the server (typically <code>200</code> for a
1470: successful request). Otherwise, if not available, the user agent <em
1471: class=ct>must</em> raise an <code>INVALID_STATE_ERR</code> exception.</p>
1.12 avankest 1472:
1.132 avankest 1473: <dt><dfn id=statustext><code>statusText</code></dfn> of type
1.9 avankest 1474: <code>DOMString</code>, readonly
1.2 avankest 1475:
1.6 avankest 1476: <dd>
1.73 avankest 1477: <p>On getting, if available, it <em class=ct>must</em> return the HTTP
1478: status text sent by the server (appears after the status code).
1.180 avankest 1479: Otherwise, if not available (request is not initiated for instance), the
1480: user agent <em class=ct>must</em> raise an
1481: <code>INVALID_STATE_ERR</code> exception.</p>
1.2 avankest 1482: </dl>
1483:
1.168 avankest 1484: <h3 id=events><span class=secno>4.1 </span>Events for the <code
1.33 avankest 1485: title="">XMLHttpRequest</code> Object</h3>
1.2 avankest 1486:
1.135 avankest 1487: <p>This section describes the various events that can be dispatched on
1488: objects implementing the <code><a
1.60 avankest 1489: href="#xmlhttprequest-object">XMLHttpRequest</a></code> interface. For
1490: this version of the specification only one event is defined.
1.2 avankest 1491:
1.1 avankest 1492: <dl>
1.132 avankest 1493: <dt><dfn id=readystatechange><code>readystatechange</code></dfn>
1.2 avankest 1494:
1.73 avankest 1495: <dd>When the user agent dispatches a <code
1496: title="">readystatechange</code> event (as indicated above) it <em
1497: class=ct>must not</em> bubble, <em class=ct>must not</em> be cancelable
1498: and <em class=ct>must</em> implement the <code>Event</code> interface.
1499: Its <code>namespaceURI</code> attribute <em class=ct>must</em> be
1.146 avankest 1500: <code>null</code>. [<cite><a
1.156 avankest 1501: href="#ref-dom2events">DOM2Events</a></cite>]
1.1 avankest 1502: </dl>
1.2 avankest 1503:
1.168 avankest 1504: <h3 id=exceptions><span class=secno>4.2 </span>Exceptions for the <code
1.33 avankest 1505: title="">XMLHttpRequest</code> Object</h3>
1506:
1.139 avankest 1507: <p>Several algorithms in this specification may result in an exception
1508: being thrown. These exceptions are all part of the group
1509: <code>ExceptionCode</code> and use the <code>DOMException</code> object
1510: which is defined in DOM Level 3 Core. In addition this specification
1511: extends the <code>ExceptionCode</code> group with several new constants as
1.146 avankest 1512: indicated below. [<cite><a href="#ref-dom3core">DOM3Core</a></cite>]
1.139 avankest 1513:
1.34 avankest 1514: <pre
1.139 avankest 1515: class=idl>const unsigned short <a href="#security-err">SECURITY_ERR</a> = 18;
1.122 avankest 1516: const unsigned short <a href="#network-err">NETWORK_ERR</a> = 101;
1517: const unsigned short <a href="#abort-err">ABORT_ERR</a> = 102;</pre>
1.33 avankest 1518:
1.139 avankest 1519: <p>The <dfn id=security-err><code>SECURITY_ERR</code></dfn> exception is
1520: raised if an attempt is made to perform an operation or access some data
1521: in a way that would be a security risk or a violation of the user agent's
1522: security policy.</p>
1523: <!-- http://lists.w3.org/Archives/Public/public-webapi/2006May/0027.html -->
1524:
1525: <p class=note>The <code title="">SECURITY_ERR</code> exception is expected
1526: to be eventually folded into an update of the the DOM Level 3 Core
1527: specification with an equivalent definition and identical constant value.
1528: Until that happens it is defined here to guide implementors. (This is also
1.154 avankest 1529: the reason the constant value is not in line with the other exceptions.)
1.139 avankest 1530:
1.35 avankest 1531: <p>The <dfn id=network-err><code>NETWORK_ERR</code></dfn> exception is
1.139 avankest 1532: raised when a network error occurs in synchronous requests.
1.122 avankest 1533:
1.139 avankest 1534: <p>The <dfn id=abort-err><code>ABORT_ERR</code></dfn> exception is raised
1.122 avankest 1535: when the user aborts a request in synchronous requests.
1536:
1.31 avankest 1537: <h2 class=no-num id=notcovered>Not in this Specification</h2>
1538:
1.144 avankest 1539: <p><em>This section is non-normative.</em>
1.31 avankest 1540:
1.73 avankest 1541: <p>This specification does not include the following features which are
1542: being considered for a future version of this specification:
1.31 avankest 1543:
1544: <ul>
1545: <li><code>load</code> event and <code>onload</code> attribute;
1546:
1547: <li><code>error</code> event and <code>onerror</code> attribute;
1548:
1549: <li><code>progress</code> event and <code>onprogress</code> attribute;
1550:
1551: <li><code title="">abort</code> event and <code>onabort</code> attribute;
1552:
1553: <li>Timers have been suggested, perhaps an <code>ontimeout</code>
1554: attribute;
1555:
1556: <li>Property to disable following redirects;
1557:
1.32 avankest 1558: <li><code title="">responseXML</code> for <code>text/html</code>
1559: documents;
1.31 avankest 1560:
1.42 avankest 1561: <li>Cross-site <code title="">XMLHttpRequest</code>;
1562:
1.88 avankest 1563: <li><code>responseBody</code> to deal with byte streams;
1.42 avankest 1564:
1.115 avankest 1565: <li><code>overrideMimeType</code> to fix up MIME types;
1566:
1.88 avankest 1567: <li><code>getRequestHeader()</code> and
1568: <code>removeRequestHeader()</code>.
1.31 avankest 1569: </ul>
1570:
1.25 avankest 1571: <h2 class=no-num id=bibref>References</h2>
1.2 avankest 1572:
1.178 avankest 1573: <p>Unless marked "Non-normative" these references are normative.
1574:
1.7 avankest 1575: <dl>
1.156 avankest 1576: <dt>[<dfn id=ref-dom2events>DOM2Events</dfn>]
1577:
1578: <dd><cite><a href="http://www.w3.org/TR/DOM-Level-2-Events/">Document
1.161 avankest 1579: Object Model (DOM) Level 2 Events Specification</a></cite>, T. Pixley,
1580: editor. W3C, November 2000.
1.156 avankest 1581:
1.146 avankest 1582: <dt>[<dfn id=ref-dom3core>DOM3Core</dfn>]
1.2 avankest 1583:
1.15 avankest 1584: <dd><cite><a href="http://www.w3.org/TR/DOM-Level-3-Core">Document Object
1585: Model (DOM) Level 3 Core Specification</a></cite>, A. Le Hors, P. Le
1.140 avankest 1586: Hégaret, L. Wood, G. Nicol, J. Robie, M. Champion, S. Byrne,
1587: editors. W3C, April 2004.
1.2 avankest 1588:
1.39 avankest 1589: <dt>[<dfn id=ref-ecmascript>ECMAScript</dfn>]
1.18 avankest 1590:
1591: <dd><cite><a
1592: href="http://www.ecma-international.org/publications/standards/Ecma-262.htm">ECMAScript
1593: Language Specification</a></cite>, Third Edition. ECMA, December 1999.
1594:
1.146 avankest 1595: <dt>[<dfn id=ref-html5>HTML5</dfn>]
1.143 avankest 1596:
1597: <dd><cite><a
1.172 avankest 1598: href="http://www.w3.org/html/wg/html5/">HTML 5</a></cite> (work in
1599: progress), I. Hickson, D. Hyatt, editors. W3C, 2008.
1600:
1601: <dd><cite><a
1.143 avankest 1602: href="http://www.whatwg.org/specs/web-apps/current-work/">HTML 5</a></cite>
1.172 avankest 1603: (work in progress), I. Hickson, editor. WHATWG, 2008.
1.18 avankest 1604:
1.178 avankest 1605: <dt>[<dfn id=ref-httponly>HTTPONLY</dfn>]
1606:
1607: <dd>(Non-normative) <cite><a
1608: href="http://msdn.microsoft.com/en-us/library/ms533046.aspx">Mitigating
1609: Cross-site Scripting With HTTP-only Cookies</a></cite>, MSDN.
1610:
1.179 avankest 1611: <dt>[<dfn id=ref-rfc2109>RFC2109</dfn>]
1612:
1613: <dd><cite><a href="http://ietf.org/rfc/rfc2109">HTTP State Management
1614: Mechanism</a></cite>, D. Kristol, L. Montulli, editors. IETF, February
1615: 1997.
1616:
1.146 avankest 1617: <dt>[<dfn id=ref-rfc2119>RFC2119</dfn>]
1.15 avankest 1618:
1.118 avankest 1619: <dd><cite><a href="http://ietf.org/rfc/rfc2119">Key words for use in RFCs
1620: to Indicate Requirement Levels</a></cite>, S. Bradner. IETF, March 1997.
1.15 avankest 1621:
1.146 avankest 1622: <dt>[<dfn id=ref-rfc2616>RFC2616</dfn>]
1.15 avankest 1623:
1624: <dd><cite><a href="http://ietf.org/rfc/rfc2616">Hypertext Transfer
1625: Protocol -- HTTP/1.1</a></cite>, R. Fielding, J. Gettys, J. Mogul, H.
1.93 avankest 1626: Frystyk, L. Masinter, P. Leach, T. Berners-Lee, editors. IETF, June 1999.
1.15 avankest 1627:
1.39 avankest 1628: <dt>[<dfn id=ref-rfc2617>RFC2617</dfn>]
1.15 avankest 1629:
1630: <dd><cite><a href="http://ietf.org/rfc/rfc2617">HTTP Authentication: Basic
1.93 avankest 1631: and Digest Access Authentication</a></cite>, P. Hallam-Baker, J.
1632: Hostetler, S. Lawrence, P. Leach, A. Luotonen, L. Stewart, editors. IETF,
1633: June 1999.
1.2 avankest 1634:
1.39 avankest 1635: <dt>[<dfn id=ref-rfc2965>RFC2965</dfn>]
1.2 avankest 1636:
1.22 avankest 1637: <dd><cite><a href="http://ietf.org/rfc/rfc2965">HTTP State Management
1638: Mechanism</a></cite>, D. Kristol, L. Montulli, editors. IETF, October
1639: 2000.
1640:
1.39 avankest 1641: <dt>[<dfn id=ref-rfc3986>RFC3986</dfn>]
1.2 avankest 1642:
1.15 avankest 1643: <dd><cite><a href="http://ietf.org/rfc/rfc3986">Uniform Resource
1644: Identifier (URI): Generic Syntax</a></cite>, T. Berners-Lee, R. Fielding,
1645: L. Masinter, editors. IETF, January 2005.
1.30 avankest 1646:
1.142 avankest 1647: <dt>[<dfn id=ref-rfc3987>RFC3987</dfn>]
1648:
1649: <dd><cite><a href="http://ietf.org/rfc/rfc3987">Internationalized Resource
1650: Identifiers (IRIs)</a></cite>, M. Duerst, M. Suignard, editors. IETF,
1651: January 2005.
1652:
1.182 avankest 1653: <dt>[<dfn id=ref-webidl>Web IDL</dfn>]
1654:
1655: <dd><cite><a href="http://dev.w3.org/2006/webapi/Binding4DOM/">Web
1656: IDL</a></cite> (editor's draft), C. McCormack, editor. W3C, 2008.
1657:
1.43 avankest 1658: <dt>[<dfn id=ref-xml>XML</dfn>]
1659:
1660: <dd><cite><a href="http://www.w3.org/TR/xml/">Extensible Markup Language
1661: (XML) 1.0 (Fourth Edition)</a></cite>, T. Bray, J. Paoli, C.
1.118 avankest 1662: Sperberg-McQueen, E. Maler, F. Yergeau, editors. W3C, September 2006.
1.43 avankest 1663:
1664: <dt>[<dfn id=ref-xmlns>XMLNS</dfn>]
1665:
1666: <dd><cite><a href="http://www.w3.org/TR/xml-names/">Namespaces in XML
1.118 avankest 1667: (Second Edition)</a></cite>, T. Bray, D. Hollander, A. Layman, R. Tobin,
1668: editors. W3C, August 2006.
1.2 avankest 1669: </dl>
1670:
1.131 avankest 1671: <h2 class=no-num id=acknowledgments>Acknowledgments</h2>
1.2 avankest 1672:
1.164 avankest 1673: <p>The editor would like to thank Addison Phillips, Ahmed Kamel, Alex
1674: Hopmann, Alex Vincent, Alexey Proskuryakov, Asbjørn Ulsberg, Boris
1675: Zbarsky, Björn Höhrmann, Cameron McCormack, Christophe Jolif,
1676: Charles McCathieNevile, Dan Winship, David Håsäther, Dean
1677: Jackson, Denis Sureau, Doug Schepers, Douglas Livingstone, Elliotte
1678: Harold, Eric Lawrence, Geoffrey Sneddon, Gideon Cohn, Gorm Haug Eriksen,
1679: Hallvord R. M. Steen, Håkon Wium Lie, Ian Davis, Ian Hickson, Ivan
1680: Herman, Jeff Walden, Jens Lindström, Jim Deegan, Jim Ley, Joe Farro,
1.176 avankest 1681: Jonas Sicking, Julian Reschke, Karl Dubost, Lachlan Hunt, Maciej
1682: Stachowiak, Magnus Kristiansen, Marc Hadley, Marcos Caceres, Mark Baker,
1683: Mark Nottingham, Mohamed Zergaoui, Pawel Glowacki, Robin Berjon, Ruud
1684: Steltenpool, Simon Pieters, Stewart Brodie, Sunava Dutta, Tom Magliery and
1685: Zhenbin Xu for their contributions to this specification.
1.2 avankest 1686:
1687: <p>Special thanks to the Microsoft employees who first implemented the
1.144 avankest 1688: <code title="">XMLHttpRequest</code> interface, which was first widely
1689: deployed by the Windows Internet Explorer browser.
1.2 avankest 1690:
1.56 avankest 1691: <p>Special thanks also to the WHATWG for drafting an initial version of
1.131 avankest 1692: this specification in their Web Applications 1.0 document (now renamed to
1.146 avankest 1693: HTML 5). [<cite><a href="#ref-html5">HTML5</a></cite>]
1.2 avankest 1694:
1695: <p>Thanks also to all those who have helped to improve this specification
1696: by sending suggestions and corrections. (Please, keep bugging us with your
1697: issues!)
Webmaster
![[BACK]](/https/dev.w3.org/cvsweb/icons/back.gif){kind=icon}
Return to Overview.html CVS log ![[TXT]](/https/dev.w3.org/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/https/dev.w3.org/cvsweb/icons/dir.gif){kind=icon}
Up to [Public] / 2006 / webapi / XMLHttpRequest