Annotation of 2006/webapi/XMLHttpRequest/Overview.html, revision 1.200
1.1 avankest 1: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">
1.2 avankest 2:
1.25 avankest 3: <html lang=en-US>
1.1 avankest 4: <head>
5: <title>The XMLHttpRequest Object</title>
1.2 avankest 6:
1.20 avankest 7: <style type="text/css">
1.118 avankest 8: pre.idl { border:solid thin; background:#eee; color:#000; padding:0.5em }
1.20 avankest 9: pre.idl :link, pre.idl :visited { color:inherit; background:transparent }
1.60 avankest 10: pre code { color:inherit; background:transparent }
1.20 avankest 11: div.example { margin-left:1em; padding-left:1em; border-left:double; color:#222; background:#fcfcfc }
1.90 avankest 12: .note { margin-left:2em; font-weight:bold; font-style:italic; color:#008000 }
1.20 avankest 13: p.note::before { content:"Note: " }
1.90 avankest 14: .issue { padding:.5em; border:solid #f00 }
1.20 avankest 15: p.issue::before { content:"Issue: " }
1.120 avankest 16: dl.switch { padding-left:2em }
17: dl.switch dt { text-indent:-1.5em }
18: dl.switch dt:before { content:'\21AA'; padding:0 0.5em 0 0; display:inline-block; width:1em; text-align:right; line-height:0.5em }
1.20 avankest 19: em.ct { text-transform:lowercase; font-variant:small-caps; font-style:normal }
20: dfn { font-weight:bold; font-style:normal }
21: code { color:orangered }
22: code :link, code :visited { color:inherit }
1.123 avankest 23: h1 code, h2 code, h3 code { color:inherit; background:inherit; font:inherit }
1.20 avankest 24: </style>
1.174 avankest 25: <link href="http://www.w3.org/StyleSheets/TR/W3C-ED" rel=stylesheet>
1.2 avankest 26:
1.1 avankest 27: <body>
1.25 avankest 28: <div class=head>
29: <p><a href="http://www.w3.org/"><img alt=W3C height=48
30: src="http://www.w3.org/Icons/w3c_home" width=72></a></p>
1.2 avankest 31:
1.157 avankest 32: <h1 class=head id=the-xmlhttprequest-object>The <code
1.14 avankest 33: title="">XMLHttpRequest</code> Object</h1>
1.2 avankest 34:
1.200 ! avankest 35: <h2 class="no-num no-toc" id=w3c-doctype>Editor's Draft 10 August 2008</h2>
1.2 avankest 36:
1.1 avankest 37: <dl>
1.154 avankest 38: <dt>This Version:
1.2 avankest 39:
40: <dd><a
1.200 ! avankest 41: href="http://www.w3.org/TR/2008/ED-XMLHttpRequest-20080810/">http://www.w3.org/TR/2008/ED-XMLHttpRequest-20080810/</a>
1.2 avankest 42:
1.14 avankest 43: <dt>Latest Version:
1.2 avankest 44:
45: <dd><a
46: href="http://www.w3.org/TR/XMLHttpRequest/">http://www.w3.org/TR/XMLHttpRequest/</a>
47:
1.190 avankest 48: <dt>Latest Editor Version:
49:
50: <dd><a
51: href="http://dev.w3.org/2006/webapi/XMLHttpRequest/">http://dev.w3.org/2006/webapi/XMLHttpRequest/</a>
52:
1.14 avankest 53: <dt>Previous Versions:
1.2 avankest 54:
55: <dd><a
1.174 avankest 56: href="http://www.w3.org/TR/2008/WD-XMLHttpRequest-20080415/">http://www.w3.org/TR/2008/WD-XMLHttpRequest-20080415/</a>
57:
58: <dd><a
1.155 avankest 59: href="http://www.w3.org/TR/2007/WD-XMLHttpRequest-20071026/">http://www.w3.org/TR/2007/WD-XMLHttpRequest-20071026/</a>
60:
61: <dd><a
1.134 avankest 62: href="http://www.w3.org/TR/2007/WD-XMLHttpRequest-20070618/">http://www.w3.org/TR/2007/WD-XMLHttpRequest-20070618/</a>
63:
64: <dd><a
1.60 avankest 65: href="http://www.w3.org/TR/2007/WD-XMLHttpRequest-20070227/">http://www.w3.org/TR/2007/WD-XMLHttpRequest-20070227/</a>
66:
67: <dd><a
1.25 avankest 68: href="http://www.w3.org/TR/2006/WD-XMLHttpRequest-20060927/">http://www.w3.org/TR/2006/WD-XMLHttpRequest-20060927/</a>
69:
70: <dd><a
1.2 avankest 71: href="http://www.w3.org/TR/2006/WD-XMLHttpRequest-20060619/">http://www.w3.org/TR/2006/WD-XMLHttpRequest-20060619/</a>
72:
73: <dd><a
74: href="http://www.w3.org/TR/2006/WD-XMLHttpRequest-20060405/">http://www.w3.org/TR/2006/WD-XMLHttpRequest-20060405/</a>
75:
76: <dt>Editor:
77:
78: <dd><a href="http://annevankesteren.nl/">Anne van Kesteren</a> (<a
79: href="http://www.opera.com/">Opera Software ASA</a>) &lt;<a
80: href="mailto:annevk@opera.com">annevk@opera.com</a>&gt;
1.1 avankest 81: </dl>
1.2 avankest 82:
1.25 avankest 83: <p class=copyright><a
1.2 avankest 84: href="http://www.w3.org/Consortium/Legal/ipr-notice#Copyright">Copyright</a>
1.53 avankest 85: © 2007 <a href="http://www.w3.org/"><acronym title="World Wide Web
86: Consortium">W3C</acronym></a><sup>®</sup> (<a
87: href="http://www.csail.mit.edu/"><acronym title="Massachusetts Institute
88: of Technology">MIT</acronym></a>, <a
89: href="http://www.ercim.org/"><acronym title="European Research Consortium
90: for Informatics and Mathematics">ERCIM</acronym></a>, <a
1.2 avankest 91: href="http://www.keio.ac.jp/">Keio</a>), All Rights Reserved. W3C <a
92: href="http://www.w3.org/Consortium/Legal/ipr-notice#Legal_Disclaimer">liability</a>,
93: <a
94: href="http://www.w3.org/Consortium/Legal/ipr-notice#W3C_Trademarks">trademark</a>
95: and <a
96: href="http://www.w3.org/Consortium/Legal/copyright-documents">document
97: use</a> rules apply.</p>
1.1 avankest 98: </div>
1.2 avankest 99:
100: <hr>
101:
1.25 avankest 102: <h2 class="no-num no-toc" id=specabstract>Abstract</h2>
1.2 avankest 103:
1.25 avankest 104: <p>The <code title="">XMLHttpRequest</code> Object specification defines an
105: <abbr title="Application Programming Interface">API</abbr> that provides
106: scripted client functionality for transferring data between a client and a
107: server.
108:
109: <h2 class="no-num no-toc" id=sotd>Status of this Document</h2>
1.2 avankest 110:
111: <p><em>This section describes the status of this document at the time of
112: its publication. Other documents may supersede this document. A list of
113: current W3C publications and the latest revision of this technical report
114: can be found in the <a href="http://www.w3.org/TR/">W3C technical reports
1.173 avankest 115: index</a> at http://www.w3.org/TR/.</em>
1.2 avankest 116:
1.200 ! avankest 117: <p>This is the 10 August 2008 Last Call Working Draft of The <code
1.148 avankest 118: title="">XMLHttpRequest</code> Object specification. Please send comments
119: to <a href="mailto:public-webapi@w3.org">public-webapi@w3.org</a> (<a
1.49 avankest 120: href="http://lists.w3.org/Archives/Public/public-webapi/">archived</a>)
121: with either <samp>[XHR]</samp> or <samp title="">[XMLHttpRequest]</samp>
1.173 avankest 122: at the start of the subject line before 2 June 2008.
1.49 avankest 123:
124: <p>This document is produced by the <a
125: href="http://www.w3.org/2006/webapi/">Web API Working Group</a>, part of
126: the <a href="http://www.w3.org/2006/rwc/Activity">Rich Web Clients
127: Activity</a> in the W3C <a
128: href="http://www.w3.org/Interaction/">Interaction Domain</a>. Changes made
129: to this document can be found in the <a
130: href="http://dev.w3.org/cvsweb/2006/webapi/XMLHttpRequest/Overview.html">W3C
131: public CVS server</a>.
1.2 avankest 132:
133: <p>Publication as a Working Draft does not imply endorsement by the W3C
134: Membership. This is a draft document and may be updated, replaced or
135: obsoleted by other documents at any time. It is inappropriate to cite this
136: document as other than work in progress.
137:
138: <p>This document was produced by a group operating under the <a
139: href="http://www.w3.org/Consortium/Patent-Policy-20040205/">5 February
1.54 avankest 140: 2004 W3C Patent Policy</a>. W3C maintains a <a
141: href="http://www.w3.org/2004/01/pp-impl/38482/status"
1.25 avankest 142: rel=disclosure>public list of any patent disclosures</a> made in
1.2 avankest 143: connection with the deliverables of the group; that page also includes
144: instructions for disclosing a patent. An individual who has actual
145: knowledge of a patent which the individual believes contains <a
146: href="http://www.w3.org/Consortium/Patent-Policy-20040205/#def-essential">Essential
147: Claim(s)</a> must disclose the information in accordance with <a
148: href="http://www.w3.org/Consortium/Patent-Policy-20040205/#sec-Disclosure">section
149: 6 of the W3C Patent Policy</a>.
150:
1.25 avankest 151: <h2 class="no-num no-toc" id=toc>Table of Contents</h2>
1.2 avankest 152: <!--begin-toc-->
153:
1.25 avankest 154: <ul class=toc>
155: <li><a href="#introduction"><span class=secno>1. </span>Introduction</a>
1.154 avankest 156:
157: <li><a href="#conformance"><span class=secno>2. </span>Conformance</a>
1.25 avankest 158: <ul class=toc>
1.168 avankest 159: <li><a href="#dependencies"><span class=secno>2.1
1.154 avankest 160: </span>Dependencies</a>
1.2 avankest 161:
1.168 avankest 162: <li><a href="#terminology"><span class=secno>2.2 </span>Terminology</a>
1.81 avankest 163:
1.168 avankest 164: <li><a href="#extensibility"><span class=secno>2.3
1.154 avankest 165: </span>Extensibility</a>
166: </ul>
1.81 avankest 167:
1.154 avankest 168: <li><a href="#security"><span class=secno>3. </span>Security
169: Considerations</a>
1.2 avankest 170:
1.154 avankest 171: <li><a href="#xmlhttprequest"><span class=secno>4. </span>The <code
1.16 avankest 172: title="">XMLHttpRequest</code> Object</a>
1.25 avankest 173: <ul class=toc>
1.168 avankest 174: <li><a href="#events"><span class=secno>4.1 </span>Events for the <code
1.33 avankest 175: title="">XMLHttpRequest</code> Object</a>
176:
1.168 avankest 177: <li><a href="#exceptions"><span class=secno>4.2 </span>Exceptions for
1.33 avankest 178: the <code title="">XMLHttpRequest</code> Object</a>
1.11 avankest 179: </ul>
1.2 avankest 180:
1.31 avankest 181: <li class=no-num><a href="#notcovered">Not in this Specification</a>
182:
1.25 avankest 183: <li class=no-num><a href="#bibref">References</a>
1.2 avankest 184:
1.131 avankest 185: <li class=no-num><a href="#acknowledgments">Acknowledgments</a>
1.2 avankest 186: </ul>
187: <!--end-toc-->
188:
1.25 avankest 189: <h2 id=introduction><span class=secno>1. </span>Introduction</h2>
1.2 avankest 190:
191: <p><em>This section is non-normative.</em>
192:
1.60 avankest 193: <p>The <code><a href="#xmlhttprequest-object">XMLHttpRequest</a></code>
194: object implements an interface exposed by a scripting engine that allows
195: scripts to perform HTTP client functionality, such as submitting form data
1.184 avankest 196: or loading data from a server. It is the ECMAScript HTTP API.
1.2 avankest 197:
198: <p>The name of the object is <code><a
1.60 avankest 199: href="#xmlhttprequest-object">XMLHttpRequest</a></code> for compatibility
1.128 avankest 200: with the Web, though each component of this name is potentially
1.60 avankest 201: misleading. First, the object supports any text based format, including
202: XML. Second, it can be used to make requests over both HTTP and HTTPS
203: (some implementations support protocols in addition to HTTP and HTTPS, but
204: that functionality is not covered by this specification). Finally, it
205: supports "requests" in a broad sense of the term as it pertains to HTTP;
206: namely all activity involved with HTTP requests or responses for the
207: defined HTTP methods.
1.2 avankest 208:
1.25 avankest 209: <div class=example>
1.18 avankest 210: <p>Some simple code to do something with data from an XML document fetched
211: over the network:</p>
212:
1.60 avankest 213: <pre><code>function test(data) {
1.18 avankest 214: // taking care of data
215: }
216:
217: function handler() {
1.118 avankest 218: if(this.readyState == 4 && this.status == 200) {
1.18 avankest 219: // so far so good
1.118 avankest 220: if(this.responseXML != null && this.responseXML.getElementById('test').firstChild.data)
221: // success!
1.18 avankest 222: test(this.responseXML.getElementById('test').firstChild.data);
223: else
224: test(null);
1.118 avankest 225: } else if (this.readyState == 4 && this.status != 200) {
1.18 avankest 226: // fetched the wrong page or network error...
227: test(null);
228: }
229: }
230:
231: var client = new XMLHttpRequest();
232: client.onreadystatechange = handler;
233: client.open("GET", "test.xml");
1.60 avankest 234: client.send();</code></pre>
1.18 avankest 235:
1.58 avankest 236: <p>If you just want to log a message to the server:</p>
1.18 avankest 237:
1.60 avankest 238: <pre><code>function log(message) {
1.18 avankest 239: var client = new XMLHttpRequest();
1.58 avankest 240: client.open("POST", "/log");
1.59 avankest 241: client.setRequestHeader("Content-Type", "text/plain;charset=UTF-8");
1.18 avankest 242: client.send(message);
1.60 avankest 243: }</code></pre>
1.18 avankest 244:
245: <p>Or if you want to check the status of a document on the server:</p>
246:
1.60 avankest 247: <pre><code>function fetchStatus(address) {
1.18 avankest 248: var client = new XMLHttpRequest();
249: client.onreadystatechange = function() {
250: // in case of network errors this might not give reliable results
251: if(this.readyState == 4)
252: returnStatus(this.status);
253: }
254: client.open("HEAD", address);
255: client.send();
1.60 avankest 256: }</code></pre>
1.18 avankest 257: </div>
1.2 avankest 258:
1.154 avankest 259: <h2 id=conformance><span class=secno>2. </span>Conformance</h2>
1.2 avankest 260:
1.29 avankest 261: <p>Everything in this specification is normative except for diagrams,
1.2 avankest 262: examples, notes and sections marked non-normative.
263:
1.25 avankest 264: <p>The key words <em class=ct>must</em>, <em class=ct>must not</em>, <em
1.75 avankest 265: class=ct>should</em> and <em class=ct>may</em> in this document are to be
266: interpreted as described in RFC 2119. [<cite><a
1.146 avankest 267: href="#ref-rfc2119">RFC2119</a></cite>]
1.2 avankest 268:
269: <p>This specification defines the following classes of products:
270:
271: <dl>
1.75 avankest 272: <dt><dfn id=conforming-user-agent>Conforming user agent</dfn>
1.2 avankest 273:
1.75 avankest 274: <dd>
275: <p>A user agent <em class=ct>must</em> behave as described in this
1.107 avankest 276: specification in order to be considered conformant.</p>
1.75 avankest 277:
1.141 avankest 278: <p>If the user agent is not a conforming XML user agent the <a
279: href="#xml-response-entity-body">XML response entity body</a> <em
280: class=ct>must</em> (always) be <code>null</code>.</p>
281:
282: <p>User agents <em class=ct>may</em> implement algorithms given in this
283: specification in any way desired, so long as the end result is
284: indistinguishable from the result that would be obtained by the
285: specification's algorithms.</p>
1.2 avankest 286:
1.96 avankest 287: <p class=note>This specification uses both the terms "conforming user
288: agent(s)" and "user agent(s)" to refer to this product class.</p>
289:
1.95 avankest 290: <dt><dfn id=conforming-xml-user-agent>Conforming XML user agent</dfn>
291:
292: <dd>
1.164 avankest 293: <p>An XML user agent <em class=ct>must</em> be a <a
294: href="#conforming-user-agent">conforming user agent</a> and <em
295: class=ct>must</em> be a conforming XML processor that reports violations
296: of namespace well-formedness. [<cite><a href="#ref-xml">XML</a></cite>]
297: [<cite><a href="#ref-xmlns">XMLNS</a></cite>]
1.2 avankest 298: </dl>
299:
1.168 avankest 300: <h3 id=dependencies><span class=secno>2.1 </span>Dependencies</h3>
1.2 avankest 301:
1.31 avankest 302: <p>This specification relies on several underlying specifications.
1.2 avankest 303:
1.31 avankest 304: <dl>
305: <dt>DOM
1.2 avankest 306:
1.31 avankest 307: <dd>
1.127 avankest 308: <p>A <a href="#conforming-user-agent" title="conforming user
1.177 avankest 309: agent">conforming user agent</a> <em class=ct>must</em> support at least
310: the subset of the functionality defined in DOM Events and DOM Core that
1.183 avankest 311: this specification relies upon, such as various exceptions and
312: <code>EventTarget</code>. [<cite><a
1.156 avankest 313: href="#ref-dom2events">DOM2Events</a></cite>] [<cite><a
314: href="#ref-dom3core">DOM3Core</a></cite>]
1.2 avankest 315:
1.162 avankest 316: <dt>HTML 5
317:
318: <dd>
1.183 avankest 319: <p>A <a href="#conforming-user-agent">conforming user agent</a> <em
1.190 avankest 320: class=ct>must</em> support at least the subset of the functionality
321: defined in HTML 5 that this specification relies upon, such as the
1.198 avankest 322: basics of the <code>Window</code> object and serializing a
323: <code>Document</code> object. [<cite><a
324: href="#ref-html5">HTML5</a></cite>]</p>
1.190 avankest 325:
1.162 avankest 326: <p class=note>The <a
327: href="http://www.w3.org/TR/2006/WD-Window-20060407/">Window Object
328: 1.0</a> draft is not referenced normatively as it appears to be no
329: longer maintained and HTML 5 defines the <code>Window</code> object
330: in more detail. This specification already depends on HTML 5 for
331: other reasons so there is not much additional overhead because of this.</p>
332:
1.31 avankest 333: <dt>HTTP
1.11 avankest 334:
1.31 avankest 335: <dd>
1.156 avankest 336: <p>A <a href="#conforming-user-agent">conforming user agent</a> <em
337: class=ct>must</em> support some version of the HTTP protocol. It <em
338: class=ct>should</em> support any HTTP method that matches the <a
339: href="#method"><code>Method</code> production</a> and <em
340: class=ct>must</em> at least support the following methods:</p>
1.81 avankest 341:
1.60 avankest 342: <ul>
343: <li><code>GET</code>
344:
345: <li><code>POST</code>
346:
347: <li><code>HEAD</code>
348:
349: <li><code>PUT</code>
350:
351: <li><code>DELETE</code>
352:
353: <li><code>OPTIONS</code>
354: </ul>
355:
356: <p>Other requirements regarding HTTP are made throughout the
1.146 avankest 357: specification. [<cite><a href="#ref-rfc2616">RFC2616</a></cite>]</p>
1.182 avankest 358:
359: <dt>Web IDL
360:
361: <dd>A <a href="#conforming-user-agent">conforming user agent</a> <em
362: class=ct>must</em> also be a conforming implementation of the IDL
363: fragment in this specification, as described in the Web IDL
364: specification. [<cite><span>WebIDL</span></cite>]
1.31 avankest 365: </dl>
1.2 avankest 366:
1.168 avankest 367: <h3 id=terminology><span class=secno>2.2 </span>Terminology</h3>
1.81 avankest 368:
369: <p>There is a <dfn id=case-insensitive-match>case-insensitive match</dfn>
1.154 avankest 370: of strings <var>s1</var> and <var>s2</var> if after mapping the ASCII
371: character range A-Z to the range a-z both strings are identical.
1.2 avankest 372:
1.185 avankest 373: <p>The terms <dfn id=origin>origin</dfn>, <dfn id=same-origin>same
374: origin</dfn>, and <dfn id=event-handler-attribute>event handler DOM
375: attribute</dfn> are defined by the HTML 5 specification. [<cite><a
1.158 avankest 376: href="#ref-html5">HTML5</a></cite>]
1.156 avankest 377:
1.168 avankest 378: <h3 id=extensibility><span class=secno>2.3 </span>Extensibility</h3>
1.2 avankest 379:
1.82 avankest 380: <p>Extensions of the API defined by this specification are <em>strongly
1.31 avankest 381: discouraged</em>. User agents, Working Groups and other interested parties
1.35 avankest 382: should discuss extensions on a relevant public forum, preferably <a
1.31 avankest 383: href="mailto:public-webapi@w3.org">public-webapi@w3.org</a>.
1.2 avankest 384:
1.154 avankest 385: <h2 id=security><span class=secno>3. </span>Security Considerations</h2>
386:
1.155 avankest 387: <p>Apart from requirements affecting security made throughout this
388: specification implementations <em class=ct>may</em>, at their discretion,
1.176 avankest 389: not expose certain headers, such as headers containing HttpOnly cookies.
1.178 avankest 390: [<cite><a href="#ref-httponly">HTTPONLY</a></cite>]
1.154 avankest 391:
392: <h2 id=xmlhttprequest><span class=secno>4. </span>The <code
1.16 avankest 393: title="">XMLHttpRequest</code> Object</h2>
1.2 avankest 394:
1.60 avankest 395: <p>The <code><a href="#xmlhttprequest-object">XMLHttpRequest</a></code>
396: object can be used by scripts to programmatically connect to their
397: originating server via HTTP.
1.2 avankest 398:
399: <p>Objects implementing the <code><a
1.60 avankest 400: href="#xmlhttprequest-object">XMLHttpRequest</a></code> interface <em
401: class=ct>must</em> also implement the <code>EventTarget</code> interface.
1.156 avankest 402: [<cite><a href="#ref-dom2events">DOM2Events</a></cite>]
1.60 avankest 403:
404: <p>Objects implementing the <code title="">Window</code> interface <em
405: class=ct>must</em> provide an <code title="">XMLHttpRequest()</code>
1.156 avankest 406: constructor. [<cite><a href="#ref-html5">HTML5</a></cite>]
1.2 avankest 407:
1.25 avankest 408: <div class=example>
1.60 avankest 409: <p>In ECMAScript this can be used as follows:</p>
1.118 avankest 410:
1.60 avankest 411: <pre><code>var client = new XMLHttpRequest();</code></pre>
1.1 avankest 412: </div>
1.2 avankest 413:
1.60 avankest 414: <p>When the <code title="">XMLHttpRequest()</code> constructor is invoked a
1.158 avankest 415: persistent pointer to the associated <code title="">Document</code> object
416: is stored on the newly created object. This is the <dfn
417: id=document-pointer title="Document pointer"><code>Document</code>
418: pointer</dfn>. The associated <code>Document</code> object is the one
419: returned by the <code>document</code> attribute from the object on which
420: the <code title="">XMLHttpRequest()</code> constructor was invoked (a
421: <code>Window</code> object). The pointer can become "null" if the object
422: is destroyed.
423:
424: <p class=note>As per the conformance criteria implementations are free to
1.196 avankest 425: implement the <code>Document</code> pointer in any way they desire as long
426: as the end results are identical to those given by the English prose.
1.2 avankest 427:
1.60 avankest 428: <div class=example>
1.158 avankest 429: <p>If <var><code>iframe</code></var> is a <code title="">Window</code>
1.176 avankest 430: object, <var><code>client</code></var> will have a pointer to
1.158 avankest 431: <var><code>iframe.document</code></var> in the following example:</p>
1.60 avankest 432:
1.158 avankest 433: <pre><code>var client = new iframe.XMLHttpRequest()</code></pre>
1.60 avankest 434: </div>
1.11 avankest 435:
1.60 avankest 436: <pre
1.182 avankest 437: class=idl>[Constructor] interface <dfn id=xmlhttprequest-object>XMLHttpRequest</dfn> {
1.60 avankest 438: // event handler
1.132 avankest 439: attribute EventListener <a href="#onreadystatechange">onreadystatechange</a>;
1.60 avankest 440:
441: // state
1.135 avankest 442: const unsigned short <a href="#unsent-state" title="UNSENT state">UNSENT</a> = 0;
443: const unsigned short <a href="#opened-state" title="OPENED state">OPENED</a> = 1;
1.132 avankest 444: const unsigned short <a href="#headers-received-state" title="HEADERS_RECEIVED state">HEADERS_RECEIVED</a> = 2;
445: const unsigned short <a href="#loading-state" title="LOADING state">LOADING</a> = 3;
446: const unsigned short <a href="#done-state" title="DONE state">DONE</a> = 4;
447: readonly attribute unsigned short <a href="#readystate">readyState</a>;
1.60 avankest 448:
449: // request
1.132 avankest 450: void <a href="#open">open</a>(in DOMString <var>method</var>, in DOMString <var>url</var>);
451: void <a href="#open">open</a>(in DOMString <var>method</var>, in DOMString <var>url</var>, in boolean <var>async</var>);
1.182 avankest 452: void <a href="#open">open</a>(in DOMString <var>method</var>, in DOMString <var>url</var>, in boolean <var>async</var>, [Null=Null, Undefined=Null] in DOMString <var>user</var>);
453: void <a href="#open">open</a>(in DOMString <var>method</var>, in DOMString <var>url</var>, in boolean <var>async</var>, [Null=Null, Undefined=Null] in DOMString <var>user</var>, [Null=Null, Undefined=Null] in DOMString <var>password</var>);
1.132 avankest 454: void <a href="#setrequestheader">setRequestHeader</a>(in DOMString <var>header</var>, in DOMString <var>value</var>);
455: void <a href="#send">send</a>();
1.182 avankest 456: void <a href="#send">send</a>([Null=Null, Undefined=Null] in DOMString <var>data</var>);
1.132 avankest 457: void <a href="#send">send</a>(in Document <var>data</var>);
458: void <a href="#abort">abort</a>();
1.60 avankest 459:
460: // response
1.132 avankest 461: DOMString <a href="#getallresponseheaders">getAllResponseHeaders</a>();
462: DOMString <a href="#getresponseheader">getResponseHeader</a>(in DOMString <var>header</var>);
463: readonly attribute DOMString <a href="#responsetext">responseText</a>;
464: readonly attribute Document <a href="#responsexml">responseXML</a>;
465: readonly attribute unsigned short <a href="#status">status</a>;
466: readonly attribute DOMString <a href="#statustext">statusText</a>;
1.5 avankest 467: };</pre>
1.2 avankest 468:
1.60 avankest 469: <p>The <code><a href="#xmlhttprequest-object">XMLHttpRequest</a></code>
1.135 avankest 470: object can be in five states: <a href="#unsent-state" title="UNSENT
471: state">UNSENT</a>, <a href="#opened-state" title="OPENED
472: state">OPENED</a>, <a href="#headers-received-state"
473: title="HEADERS_RECEIVED state">HEADERS_RECEIVED</a>, <a
474: href="#loading-state" title="LOADING state">LOADING</a> and <a
475: href="#done-state" title="DONE state">DONE</a>. The current state is
476: exposed through the <code><a href="#readystate">readyState</a></code>
477: attribute. The method definitions below define when a state transition
478: takes place.
1.60 avankest 479:
480: <p>When constructed, the <code><a
481: href="#xmlhttprequest-object">XMLHttpRequest</a></code> object <em
1.72 avankest 482: class=ct>must</em> be in the UNSENT state. This state is represented by
1.135 avankest 483: the <dfn id=unsent-state title="UNSENT state"><code>UNSENT</code></dfn>
1.72 avankest 484: constant, whose value is <code>0</code>.
1.60 avankest 485:
1.135 avankest 486: <p>The OPENED state is the state of the object when the <code><a
1.132 avankest 487: href="#open">open()</a></code> method has been successfully invoked.
1.185 avankest 488: During this state <a href="#author-request-headers">author request
489: headers</a> can be set using <code><a
1.132 avankest 490: href="#setrequestheader">setRequestHeader()</a></code> and the request can
491: be made using <code><a href="#send">send()</a></code>. This state is
1.135 avankest 492: represented by the <dfn id=opened-state title="OPENED
493: state"><code>OPENED</code></dfn> constant, whose value is <code>1</code>.
1.60 avankest 494:
1.135 avankest 495: <p>The OPENED state has an associated <dfn id=send-flag><code>send()</code>
1.186 avankest 496: flag</dfn> that indicates whether the <code><a
1.175 avankest 497: href="#send">send()</a></code> method has been invoked. It can be either
498: "true" or "false" and has an initial value of "false".
1.88 avankest 499:
1.124 avankest 500: <p>The HEADERS_RECEIVED state is the state of the object when all response
501: headers have been received. This state is represented by the <dfn
1.132 avankest 502: id=headers-received-state title="HEADERS_RECEIVED
1.124 avankest 503: state"><code>HEADERS_RECEIVED</code></dfn> constant, whose value is
504: <code>2</code>.
505:
506: <p>The LOADING state is the state of the object when the response entity
1.132 avankest 507: body is being received. This state is represented by the <dfn
508: id=loading-state title="LOADING state"><code>LOADING</code></dfn>
509: constant, whose value is <code>3</code>.
1.60 avankest 510:
1.80 avankest 511: <p>The DONE state is the state of the object when either the data transfer
512: has been completed or something went wrong during the transfer (infinite
1.132 avankest 513: redirects for instance). This state is represented by the <dfn
514: id=done-state title="DONE state"><code>DONE</code></dfn> constant, whose
515: value is <code>4</code>.
1.60 avankest 516:
1.125 avankest 517: <p>The DONE state has an associated <dfn id=error-flag>error flag</dfn>
1.186 avankest 518: that indicates some type of network error or abortion. It can be either
1.175 avankest 519: "true" or "false" and has an initial value of "false".
1.125 avankest 520:
1.89 avankest 521: <p>The <dfn id=response-entity-body>response entity body</dfn> is the
1.132 avankest 522: fragment of the <a href="#entity-body">entity body</a> received so far
1.89 avankest 523: (LOADING state) or the complete entity body (DONE state). If there is no
524: entity body the response entity body is "null".
525:
526: <p>The <dfn id=text-response-entity-body>text response entity body</dfn> is
1.170 avankest 527: a <code>DOMString</code> representing the <a
528: href="#response-entity-body">response entity body</a>. The text response
529: entity body is the return value of the following algorithm:
1.89 avankest 530:
531: <ol>
1.91 avankest 532: <li>
1.168 avankest 533: <p>If the response entity body is "null" return the empty string and
1.108 avankest 534: terminate these steps.</p>
1.91 avankest 535:
536: <li>
1.114 avankest 537: <p>Let <var>charset</var> be "null".
1.112 avankest 538:
539: <li>
1.91 avankest 540: <p>If there is no <code>Content-Type</code> header or there is a
541: <code>Content-Type</code> header which contains a MIME type that is
1.117 avankest 542: <code>text/xml</code>, <code>application/xml</code> or ends in <code
543: title="">+xml</code> (ignoring any parameters) use the rules set forth
1.127 avankest 544: in the XML specifications to determine the character encoding. Let
1.196 avankest 545: <var>charset</var> be the determined character encoding. [<cite><a
546: href="#ref-xml">XML</a></cite>] [<cite><a
547: href="#ref-xmlns">XMLNS</a></cite>]
1.91 avankest 548:
549: <li>
1.186 avankest 550: <p>If the <code>Content-Type</code> header contains a
1.146 avankest 551: <code>text/html</code> MIME type follow the rules set forth in the
552: HTML 5 specification to determine the character encoding. Let
1.143 avankest 553: <var>charset</var> be the determined character encoding. [<cite><a
1.146 avankest 554: href="#ref-html5">HTML5</a></cite>]
1.119 avankest 555:
556: <li>
1.141 avankest 557: <p>If the MIME type specified by the <code>Content-Type</code> header
558: contains a <code>charset</code> parameter and <var>charset</var> is
559: "null" let <var>charset</var> be the value of that parameter.</p>
1.116 avankest 560:
1.119 avankest 561: <p class=note>The algorithms described by the XML and HTML specifications
562: already take <code>Content-Type</code> into account.</p>
1.112 avankest 563:
564: <li> <!-- This stuff is copied from HTML5. Thanks Hixie! -->
1.114 avankest 565: <p>If <var>charset</var> is "null" then, for each of the rows in the
566: following table, starting with the first one and going down, if the
1.128 avankest 567: first bytes of <var>bytes</var> match the bytes given in the first
568: column, then let <var>charset</var> be the encoding given in the cell in
569: the second column of that row. If there is no match <var>charset</var>
570: remains "null".</p>
1.112 avankest 571:
572: <table>
573: <thead>
574: <tr>
575: <th>Bytes in Hexadecimal
576:
577: <th>Description
578:
1.189 avankest 579: <tbody><!-- UTF-32 is dead
1.112 avankest 580: <tr>
581: <td>00 00 FE FF
582: <td>UTF-32BE BOM
583: <tr>
584: <td>FF FE 00 00
1.189 avankest 585: <td>UTF-32LE BOM-->
1.112 avankest 586:
587: <tr>
588: <td>FE FF
589:
590: <td>UTF-16BE BOM
591:
592: <tr>
593: <td>FF FE
594:
595: <td>UTF-16LE BOM
596:
597: <tr>
598: <td>EF BB BF
599:
1.118 avankest 600: <td>UTF-8 BOM<!-- nobody uses this
601: <tr>
602: <td>DD 73 66 73
603: <td>UTF-EBCDIC
1.112 avankest 604: -->
605:
606: </table>
607:
608: <li>
1.114 avankest 609: <p>If <var>charset</var> is "null" let <var>charset</var> be UTF-8.
1.91 avankest 610:
611: <li>
1.108 avankest 612: <p>Return the result of decoding the response entity body using
1.168 avankest 613: <var>charset</var>. Replace bytes or sequences of bytes that are not
1.174 avankest 614: valid according to the <var>charset</var> with a single U+FFFD
1.193 avankest 615: REPLACEMENT CHARACTER character.
1.89 avankest 616: </ol>
617:
1.186 avankest 618: <p class=note>Authors are encouraged to encode their resources using UTF-8.
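The charset fallback steps above (Content-Type parameter, then the byte order mark table, then UTF-8) can be modelled as follows. This is an added JavaScript example, not text from the specification; the function names are hypothetical, and responses whose charset is decided by the XML or HTML rules are deliberately left out of the model.

```javascript
// Added illustration: models the charset fallback for responses that are
// neither XML nor HTML. It is not user-agent code.

// Rows of the table above, in order; the first matching row wins.
const BOM_TABLE = [
  { bytes: [0xFE, 0xFF], charset: 'UTF-16BE' },
  { bytes: [0xFF, 0xFE], charset: 'UTF-16LE' },
  { bytes: [0xEF, 0xBB, 0xBF], charset: 'UTF-8' },
];

// Split a Content-Type value into its MIME type and charset parameter (if any).
function parseContentType(value) {
  if (value == null) return { mime: null, charset: null };
  const [type, ...params] = value.split(';');
  let charset = null;
  for (const p of params) {
    const m = /^\s*charset\s*=\s*"?([^";\s]+)"?\s*$/i.exec(p);
    if (m && charset === null) charset = m[1];
  }
  return { mime: type.trim().toLowerCase(), charset };
}

// True when the specification hands charset detection to the XML or HTML rules.
function defersToMarkupRules(mime) {
  return mime === null || mime === 'text/xml' || mime === 'application/xml' ||
         mime.endsWith('+xml') || mime === 'text/html';
}

function determineCharset(contentType, bytes) {
  const { mime, charset: param } = parseContentType(contentType);
  if (defersToMarkupRules(mime)) {
    throw new Error('charset is determined by the XML or HTML rules (not modelled)');
  }
  let charset = null;                      // "null" in the specification's wording
  if (param !== null) charset = param;     // the Content-Type parameter comes first
  if (charset === null) {
    for (const row of BOM_TABLE) {
      if (row.bytes.every((b, i) => bytes[i] === b)) {
        charset = row.charset;
        break;
      }
    }
  }
  return charset === null ? 'UTF-8' : charset;   // final default
}

function decodeTextResponse(contentType, bytes) {
  const charset = determineCharset(contentType, bytes);
  // fatal:false makes the decoder emit U+FFFD for invalid byte sequences.
  // TextDecoder drops a leading byte order mark by default.
  return new TextDecoder(charset.toLowerCase(), { fatal: false }).decode(bytes);
}
```

A declared `charset` parameter always wins over a byte order mark in this ordering, so a mislabelled response is decoded with the label, not with what the bytes suggest.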
1.164 avankest 619:
1.108 avankest 620: <p>The <dfn id=xml-response-entity-body>XML response entity body</dfn> is
621: either a <code>Document</code> representing the <a
1.127 avankest 622: href="#response-entity-body">response entity body</a> or
623: <code>null</code>. The XML response entity body is the return value of the
624: following algorithm:
1.89 avankest 625:
626: <ol>
1.91 avankest 627: <li>
1.108 avankest 628: <p>If the response entity body is "null" terminate these steps and return
629: <code>null</code>.
1.89 avankest 630:
631: <li>
1.104 avankest 632: <p>If a <code>Content-Type</code> is present and it does not contain a
633: MIME type (ignoring any parameters) that is <code>text/xml</code>,
1.117 avankest 634: <code>application/xml</code> or ends in <code title="">+xml</code>
635: terminate these steps and return <code>null</code>. (Do not terminate
636: these steps if there is no <code>Content-Type</code> header at all.)
1.89 avankest 637:
638: <li>
1.129 avankest 639: <p>Parse the response entity body into a document tree following the
640: rules from the XML specifications. Let the result be <var>parsed
641: document</var>. If this fails (unsupported character encoding, namespace
1.197 avankest 642: well-formedness error, et cetera) terminate these steps and return
1.129 avankest 643: <code>null</code>. [<cite><a href="#ref-xml">XML</a></cite>] [<cite><a
644: href="#ref-xmlns">XMLNS</a></cite>]</p>
645:
646: <p class=note>Scripts in the resulting document tree will not be
647: executed, resources referenced will not be loaded and no associated XSLT
648: will be applied.</p>
1.89 avankest 649:
650: <li>
1.97 avankest 651: <p>Return an object implementing the <code>Document</code> interface
652: representing the <var>parsed document</var>.
1.89 avankest 653: </ol>
654:
1.6 avankest 655: <dl>
1.132 avankest 656: <dt><dfn id=onreadystatechange><code>onreadystatechange</code></dfn> of
1.158 avankest 657: type <code>EventListener</code>
1.2 avankest 658:
659: <dd>
1.158 avankest 660: <p>This attribute is an <a href="#event-handler-attribute">event handler
661: DOM attribute</a> and <em class=ct>must</em> be invoked whenever a
662: <code><a href="#readystatechange">readystatechange</a></code> event is
1.174 avankest 663: targeted at the object.
1.2 avankest 664:
1.132 avankest 665: <dt><dfn id=readystate><code>readyState</code></dfn> of type
1.2 avankest 666: <code>unsigned short</code>, readonly
667:
668: <dd>
1.186 avankest 669: <p>On getting, the attribute <em class=ct>must</em> return the value of
1.151 avankest 670: the constant corresponding to the object's current state.
1.2 avankest 671:
1.132 avankest 672: <dt><dfn id=open title=open><code>open(<var>method</var>, <var>url</var>,
673: <var>async</var>, <var>user</var>, <var>password</var>)</code></dfn>,
674: method
1.2 avankest 675:
1.60 avankest 676: <dd>
677: <p>When invoked, the user agent <em class=ct>must</em> follow the
1.97 avankest 678: following steps (unless otherwise indicated):</p>
1.2 avankest 679:
1.60 avankest 680: <ol>
681: <li>
1.157 avankest 682: <p>Let <var>stored method</var> be the <var>method</var> argument.
683:
684: <li>
685: <p>If <var>stored method</var> does not match the <dfn
686: id=method><code>Method</code> production</dfn>, defined in section
687: 5.1.1 of RFC 2616, raise a <code>SYNTAX_ERR</code> exception and
1.146 avankest 688: terminate these steps. [<cite><a
689: href="#ref-rfc2616">RFC2616</a></cite>]
1.2 avankest 690:
1.60 avankest 691: <li>
1.157 avankest 692: <p>If <var>stored method</var> <a href="#case-insensitive-match"
693: title="case-insensitive match">case-insensitively matches</a>
694: <code>CONNECT</code>, <code>DELETE</code>, <code>GET</code>,
1.176 avankest 695: <code>HEAD</code>, <code>OPTIONS</code>, <code>POST</code>,
1.157 avankest 696: <code>PUT</code>, <code>TRACE</code>, or <code>TRACK</code> let
697: <var>stored method</var> be the canonical uppercase form of the
1.184 avankest 698: matched method name.</p>
699:
700: <p class=note>If it does not match any of the above, it is passed
701: through literally, including in the final request.</p>
1.157 avankest 702: </li>
703: <!-- WebKit (and supposedly Firefox) also uppercase: COPY, INDEX, LOCK,
704: M-POST, MKCOL, MOVE, PROPFIND, PROPPATCH, and UNLOCK. -->
705:
706: <li>
707: <p>If <var>stored method</var> is one of <code>CONNECT</code>,
708: <code>TRACE</code>, or <code>TRACK</code> the user agent <em
709: class=ct>should</em> raise a <code><a
1.139 avankest 710: href="#security-err">SECURITY_ERR</a></code> exception and terminate
1.177 avankest 711: these steps.</p>
712:
1.199 avankest 713: <p class=note>Allowing these methods would pose a security risk.
714: [<cite><a href="#ref-httpverbsec">HTTPVERBSEC</a></cite>]</p>
1.2 avankest 715:
1.60 avankest 716: <li>
1.188 avankest 717: <p>If <var>stored url</var> is a relative reference as defined by RFC
1.190 avankest 718: 3987, resolve it using the current value of the <code>baseURI</code>
1.188 avankest 719: attribute of the <a href="#document-pointer"><code>Document</code>
720: pointer</a>. If this fails raise a <code>SYNTAX_ERR</code> exception
721: and terminate these steps. [<cite><a
722: href="#ref-rfc3987">RFC3987</a></cite>]
723:
724: <li>
1.192 avankest 725: <p>Convert <var>stored url</var> to a URI as defined by section 3.1 of
1.197 avankest 726: RFC 3987. If this fails (the ToASCII operation fails for instance),
727: raise a <code>SYNTAX_ERR</code> exception and terminate these steps.
728: [<cite><a href="#ref-rfc3987">RFC3987</a></cite>]
1.192 avankest 729:
730: <li>
1.60 avankest 731: <p>Drop the fragment identifier (if any) from <var>url</var> and let
732: <var>stored url</var> be the result of that operation.
1.2 avankest 733:
1.60 avankest 734: <li>
1.102 avankest 735: <p>If <var>stored url</var> contains an unsupported scheme raise a
736: <code>NOT_SUPPORTED_ERR</code> and terminate these steps.
737:
738: <li>
1.60 avankest 739: <p>If the <code>"user:password"</code> format in the
740: <code>userinfo</code> production defined in section 3.2.1 of RFC 3986
741: is not supported for the relevant scheme and <var>stored url</var>
1.99 avankest 742: contains this format raise a <code>SYNTAX_ERR</code> and terminate
743: these steps. [<cite><a href="#ref-rfc3986">RFC3986</a></cite>]
1.2 avankest 744:
1.60 avankest 745: <li>
746: <p>If <var>stored url</var> contains the <code>"user:password"</code>
747: format let <var>stored user</var> be the user part and <var>stored
748: password</var> be the password part.
1.2 avankest 749:
1.60 avankest 750: <li>
751: <p>If <var>stored url</var> just contains the <code>"user"</code>
752: format let <var>stored user</var> be the user part.
1.24 avankest 753:
1.60 avankest 754: <li>
1.185 avankest 755: <p>If <var>stored url</var> is not of the <a href="#same-origin">same
756: origin</a> as the <a href="#origin">origin</a> of the <a
1.158 avankest 757: href="#document-pointer"><code>Document</code> pointer</a> the user
758: agent <em class=ct>should</em> raise a <code><a
1.148 avankest 759: href="#security-err">SECURITY_ERR</a></code> exception and terminate
1.158 avankest 760: these steps.
1.70 avankest 761:
1.60 avankest 762: <li>
763: <p>Let <var>async</var> be the value of the <var>async</var> argument
1.103 avankest 764: or <code>true</code> if it was omitted.
1.60 avankest 765:
766: <li>
1.127 avankest 767: <p>If the <var>user</var> argument was not omitted, and its syntax does
768: not match that specified by the relevant authentication scheme, raise
769: a <code>SYNTAX_ERR</code> exception and terminate these steps.
1.60 avankest 770:
771: <li>
772: <p>If the <var>user</var> argument was not omitted and is not
1.191 avankest 773: <code>null</code>, let <var>stored user</var> be <var>user</var>.</p>
1.2 avankest 774:
1.60 avankest 775: <p class=note>This step overrides any user that may have been set by
776: the <var>url</var> argument.</p>
1.17 avankest 777:
1.60 avankest 778: <li>
779: <p>If the <var>user</var> argument was not omitted and is
780: <code>null</code> remove <var>stored user</var>.
1.17 avankest 781:
1.60 avankest 782: <li>
783: <p>If the <var>password</var> argument was not omitted and its syntax
784: does not match that specified by the relevant authentication scheme
1.99 avankest 785: raise a <code>SYNTAX_ERR</code> exception and terminate these steps.
1.17 avankest 786:
1.60 avankest 787: <li>
788: <p>If the <var>password</var> argument was not omitted and is not
1.191 avankest 789: <code>null</code>, let <var>stored password</var> be
790: <var>password</var>.</p>
1.17 avankest 791:
1.60 avankest 792: <li>
793: <p>If the <var>password</var> argument was not omitted and is
794: <code>null</code> remove <var>stored password</var>.
1.17 avankest 795:
1.60 avankest 796: <li>
1.109 avankest 797: <p><a href="#abort-send-algorithm" title="abort send()">Abort the
798: <code>send()</code> algorithm</a>, set <a
799: href="#response-entity-body">response entity body</a> to "null" and
1.185 avankest 800: empty the list of <a href="#author-request-headers">author request
1.190 avankest 801: headers</a>.</p>
1.44 avankest 802:
1.176 avankest 803: <p class=note>This step and the next only have effect if <code><a
804: href="#send">send()</a></code> and/or <code><a
805: href="#setrequestheader">setRequestHeader()</a></code> have been used.</p>
806:
1.60 avankest 807: <li>
1.109 avankest 808: <p>The user agent <em class=ct>should</em> cancel any network activity
809: for which the object is responsible.
1.60 avankest 810: </li>
811: <!-- we can hardly require it... -->
1.22 avankest 812:
1.60 avankest 813: <li>
1.135 avankest 814: <p>Switch the object to the <a href="#opened-state" title="OPENED
815: state">OPENED</a> state, set the <a
1.132 avankest 816: href="#send-flag"><code>send()</code> flag</a> to "false" and then
817: synchronously dispatch a <code><a
818: href="#readystatechange">readystatechange</a></code> event on the
1.97 avankest 819: object and return the method call.
1.60 avankest 820: </ol>
1.24 avankest 821:
1.25 avankest 822: <p class=note>A future version or extension of this specification will
1.35 avankest 823: most likely define a way of doing cross-site requests.</p>
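The argument checks that open() performs before any request is made, as an added JavaScript model (not part of the specification and not user-agent code). The names `openModel`, `baseURI` and `SUPPORTED_SCHEMES` are hypothetical; the model assumes only http and https are supported and omits the checks that depend on the authentication scheme and on object state.

```javascript
// Added illustration: a model of the open() argument checks.

// RFC 2616 "token": CHARs except CTLs and separators. The Method production
// accepts the predefined methods or an extension-method, which is a token.
const TOKEN = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;
const CANONICAL = ['CONNECT', 'DELETE', 'GET', 'HEAD', 'OPTIONS',
                   'POST', 'PUT', 'TRACE', 'TRACK'];
const BLOCKED = ['CONNECT', 'TRACE', 'TRACK'];
const SUPPORTED_SCHEMES = ['http:', 'https:'];   // assumption for this model

function fail(name, message) {
  const e = new Error(message);
  e.name = name;
  throw e;
}

// baseURI stands in for the baseURI attribute of the Document pointer.
function openModel(baseURI, method, url, async, user, password) {
  let storedMethod = method;
  if (!TOKEN.test(storedMethod)) fail('SYNTAX_ERR', 'method is not a token');

  // Case-insensitive match against the listed methods; anything else is
  // passed through literally, including in the final request.
  const upper = storedMethod.toUpperCase();
  if (CANONICAL.includes(upper)) storedMethod = upper;
  if (BLOCKED.includes(storedMethod)) fail('SECURITY_ERR', 'method not allowed');

  let target;
  try {
    target = new URL(url, baseURI);        // resolves relative references
  } catch (err) {
    fail('SYNTAX_ERR', 'url cannot be resolved');
  }
  target.hash = '';                        // drop the fragment identifier
  if (!SUPPORTED_SCHEMES.includes(target.protocol)) {
    fail('NOT_SUPPORTED_ERR', 'unsupported scheme');
  }

  // Credentials embedded in the URL are picked up first.
  let storedUser = target.username !== '' ? target.username : undefined;
  let storedPassword = target.password !== '' ? target.password : undefined;

  if (target.origin !== new URL(baseURI).origin) {
    fail('SECURITY_ERR', 'url is not same origin');
  }

  const isAsync = async === undefined ? true : Boolean(async);

  // Explicit arguments override the URL; null removes the stored value.
  if (user !== undefined) storedUser = user === null ? undefined : user;
  if (password !== undefined) {
    storedPassword = password === null ? undefined : password;
  }

  return { method: storedMethod, url: target.href, async: isAsync,
           user: storedUser, password: storedPassword };
}
```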
1.26 avankest 824:
1.132 avankest 825: <dt><dfn id=setrequestheader
1.25 avankest 826: title=setrequestheader><code>setRequestHeader(<var>header</var>,
1.18 avankest 827: <var>value</var>)</code></dfn>, method
1.6 avankest 828:
829: <dd>
1.185 avankest 830: <p> The object has an associated list of <dfn
831: id=author-request-headers>author request headers</dfn> consisting of
832: HTTP header name/value pairs. The <code><a
833: href="#setrequestheader">setRequestHeader()</a></code> method can be
834: used to set new request headers and append to request headers already in
835: the list.</p>
836:
837: <p>As indicated in the algorithm below certain headers cannot be set and
838: are left up to the user agent. In addition there are certain other
839: headers the user agent will take control of if they are not set by the
840: author as indicated at the end of the <code><a
841: href="#send">send()</a></code> method section.</p>
1.164 avankest 842:
843: <p class=note>The <code><a
844: href="#setrequestheader">setRequestHeader()</a></code> method appends a
1.190 avankest 845: value if the HTTP header given as argument is already part of the <a
846: href="#author-request-headers">author request headers</a> list.</p>
1.47 avankest 847:
1.60 avankest 848: <p>When invoked, the user agent <em class=ct>must</em> follow the
1.97 avankest 849: following steps (unless otherwise indicated):</p>
1.60 avankest 850:
851: <ol>
852: <li>
1.135 avankest 853: <p>If the state of the object is not <a href="#opened-state"
854: title="OPENED state">OPENED</a> raise an
855: <code>INVALID_STATE_ERR</code> exception and terminate these steps.
1.6 avankest 856:
1.60 avankest 857: <li>
1.104 avankest 858: <p>If the <a href="#send-flag"><code>send()</code> flag</a> is "true"
1.99 avankest 859: raise an <code>INVALID_STATE_ERR</code> exception and terminate these
1.97 avankest 860: steps.
1.60 avankest 861:
862: <li>
1.98 avankest 863: <p>If the <var>header</var> argument does not match the <dfn
1.60 avankest 864: id=field-name><code>field-name</code> production</dfn> as defined by
1.182 avankest 865: section 4.2 of RFC 2616 raise a <code>SYNTAX_ERR</code> exception and
866: terminate these steps. [<cite><a
1.146 avankest 867: href="#ref-rfc2616">RFC2616</a></cite>]
1.71 avankest 868:
869: <li>
1.98 avankest 870: <p>If the <var>value</var> argument does not match the <dfn
1.60 avankest 871: id=field-value><code>field-value</code> production</dfn> as defined by
1.99 avankest 872: section 4.2 of RFC 2616 raise a <code>SYNTAX_ERR</code> and terminate
1.179 avankest 873: these steps. [<cite><a href="#ref-rfc2616">RFC2616</a></cite>]</p>
874:
1.185 avankest 875: <p class=note>The empty string is legal and represents the empty header
876: value.</p>
1.60 avankest 877:
878: <li>
1.133 avankest 879: <p>For security reasons, these steps <em class=ct>should</em> be
1.99 avankest 880: terminated if the <var>header</var> argument <a
881: href="#case-insensitive-match" title="case-insensitive
882: match">case-insensitively matches</a> one of the following headers:</p>
1.34 avankest 883:
884: <ul>
885: <li><code>Accept-Charset</code>
886:
887: <li><code>Accept-Encoding</code>
888:
1.177 avankest 889: <li><code>Authorization</code>
890:
1.69 avankest 891: <li><code>Connection</code>
892:
1.34 avankest 893: <li><code>Content-Length</code>
894:
1.177 avankest 895: <li><code>Cookie</code>
896:
897: <li><code>Cookie2</code>
898:
1.69 avankest 899: <li><code>Content-Transfer-Encoding</code>
900:
901: <li><code>Date</code>
902:
1.34 avankest 903: <li><code>Expect</code>
904:
905: <li><code>Host</code>
906:
907: <li><code>Keep-Alive</code>
908:
909: <li><code>Referer</code>
910:
911: <li><code>TE</code>
912:
913: <li><code>Trailer</code>
914:
915: <li><code>Transfer-Encoding</code>
916:
917: <li><code>Upgrade</code>
1.69 avankest 918:
1.185 avankest 919: <li><code>User-Agent</code>
920:
1.69 avankest 921: <li><code>Via</code>
1.34 avankest 922: </ul>
1.6 avankest 923:
1.185 avankest 924: <p>… or if the start of the <var>header</var> argument <a
1.169 avankest 925: href="#case-insensitive-match" title="case-insensitive
926: match">case-insensitively matches</a> <code>Proxy-</code> or
1.185 avankest 927: <code>Sec-</code> (including when the argument is just
928: <code>Proxy-</code> or <code>Sec-</code>).</p>
1.133 avankest 929:
1.185 avankest 930: <p class=note>The above headers are not allowed to be set as they are
931: better controlled by the user agent as it knows best what value they
932: should have. Header names starting with <code>Sec-</code> are not
933: allowed to be set to allow new headers to be minted in the future that
934: are guaranteed not to come from <code><a
935: href="#xmlhttprequest-object">XMLHttpRequest</a></code>. (Older
936: clients would however still be vulnerable as they allow such headers
937: to be set.)</p>
938:
939: <li>
940: <p>If the <var>header</var> argument is not in the <a
941: href="#author-request-headers">author request headers</a> list append
942: the <var>header</var> with its associated <var>value</var> to the list
943: and terminate these steps.
1.46 avankest 944:
1.60 avankest 945: <li>
1.185 avankest 946: <p>If the <var>header</var> argument is in the <a
947: href="#author-request-headers">author request headers</a> list either
948: use multiple headers, combine the values or use a combination of those
949: (section 4.2, RFC 2616). [<cite><a
1.146 avankest 950: href="#ref-rfc2616">RFC2616</a></cite>]
1.97 avankest 951: </li>
952: <!-- XXX it seems UAs always combine the values -->
1.60 avankest 953: </ol>
1.18 avankest 954:
1.132 avankest 955: <p class=note>See also the <code><a href="#send">send()</a></code> method
956: regarding user agent header handling for caching, authentication,
1.47 avankest 957: proxies, and cookies.</p>
958:
1.25 avankest 959: <div class=example>
1.60 avankest 960: <pre><code>// The following script:
1.18 avankest 961: var client = new XMLHttpRequest();
962: client.open('GET', 'demo.cgi');
963: client.setRequestHeader('X-Test', 'one');
964: client.setRequestHeader('X-Test', 'two');
965: client.send();
966:
967: // ...would result in the following header being sent:
968: ...
969: X-Test: one, two
1.60 avankest 970: ...</code></pre>
1.18 avankest 971: </div>
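The validation, filtering and combining steps of setRequestHeader() above, as an added JavaScript model (not part of the specification and not user-agent code). The class and function names are hypothetical. The model assumes header names in the list are compared case-insensitively, combines repeated values with ", " as in the example, simplifies the `field-value` check so that folded multi-line values are rejected, and omits the object state checks.

```javascript
// Added illustration: models the author request headers list.

const FIELD_NAME = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;   // RFC 2616 token
// Simplified field-value: HT, printable ASCII and 0x80-0xFF. CR, LF and the
// other control characters are rejected.
const FIELD_VALUE = /^[\t\x20-\x7E\x80-\xFF]*$/;

// Headers that are left to the user agent, from the list above.
const FORBIDDEN = new Set([
  'Accept-Charset', 'Accept-Encoding', 'Authorization', 'Connection',
  'Content-Length', 'Cookie', 'Cookie2', 'Content-Transfer-Encoding',
  'Date', 'Expect', 'Host', 'Keep-Alive', 'Referer', 'TE', 'Trailer',
  'Transfer-Encoding', 'Upgrade', 'User-Agent', 'Via',
].map((h) => h.toLowerCase()));
const FORBIDDEN_PREFIXES = ['proxy-', 'sec-'];

function isForbiddenHeader(header) {
  const name = header.toLowerCase();
  return FORBIDDEN.has(name) ||
         FORBIDDEN_PREFIXES.some((prefix) => name.startsWith(prefix));
}

function syntaxError(message) {
  const e = new Error(message);
  e.name = 'SYNTAX_ERR';
  return e;
}

class AuthorRequestHeaders {
  constructor() {
    this.list = [];                 // entries of the form { name, value }
  }

  // Returns true when the header was stored, false when the steps were
  // terminated because the header is reserved for the user agent.
  setRequestHeader(header, value) {
    if (!FIELD_NAME.test(header)) throw syntaxError('invalid field-name');
    if (!FIELD_VALUE.test(value)) throw syntaxError('invalid field-value');
    if (isForbiddenHeader(header)) return false;

    const wanted = header.toLowerCase();
    const existing = this.list.find((h) => h.name.toLowerCase() === wanted);
    if (!existing) {
      this.list.push({ name: header, value });
      return true;
    }
    existing.value = existing.value + ', ' + value;   // combine the values
    return true;
  }

  // Header lines as they would appear in the request.
  serialize() {
    return this.list.map((h) => h.name + ': ' + h.value);
  }
}
```

Note that a forbidden header is dropped silently while a malformed name or value raises an exception, so calling code cannot tell from the absence of an exception that a header was actually set.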
1.6 avankest 972:
1.132 avankest 973: <dt><dfn id=send title=send><code>send(<var>data</var>)</code></dfn>,
1.25 avankest 974: method
1.2 avankest 975:
976: <dd>
1.132 avankest 977: <p>The <code><a href="#send">send()</a></code> method initiates the
1.107 avankest 978: request and its optional argument provides the <a
1.164 avankest 979: href="#entity-body">entity body</a>.</p>
980:
981: <p class=note>Authors are encouraged to ensure that they have specified
982: the <code>Content-Type</code> header via <code><a
983: href="#setrequestheader">setRequestHeader()</a></code> before invoking
984: <code><a href="#send">send()</a></code> with a non-<code>null</code>
985: <var>data</var> argument.</p>
1.60 avankest 986:
987: <p>When invoked, the user agent <em class=ct>must</em> follow the
1.109 avankest 988: following steps (unless otherwise noted). Note that this algorithm might
1.132 avankest 989: get aborted if the <code><a href="#open">open()</a></code> or <code><a
990: href="#abort">abort()</a></code> method is invoked. When the <dfn
991: id=abort-send-algorithm title="abort send()"><code>send()</code>
992: algorithm is aborted</dfn> the user agent <em class=ct>must</em>
993: terminate the algorithm after finishing the step it is on.</p>
1.109 avankest 994:
1.193 avankest 995: <p class=note>The <code title="">send()</code> algorithm can only be
996: aborted when <var>async</var> is <code>true</code> (i.e., the request is
997: done asynchronously) and only after the method call has returned.</p>
1.60 avankest 998:
999: <ol>
1000: <li>
1.135 avankest 1001: <p>If the state of the object is not <a href="#opened-state"
1002: title="OPENED state">OPENED</a> raise an
1003: <code>INVALID_STATE_ERR</code> exception and terminate these steps.
1.60 avankest 1004:
1005: <li>
1.104 avankest 1006: <p>If the <a href="#send-flag"><code>send()</code> flag</a> is "true"
1.99 avankest 1007: raise an <code>INVALID_STATE_ERR</code> exception and terminate these
1.97 avankest 1008: steps.
1.60 avankest 1009:
1010: <li>
1.104 avankest 1011: <p>If <var>async</var> is <code>true</code> set the <a
1012: href="#send-flag"><code>send()</code> flag</a> to "true".
1.103 avankest 1013:
1014: <li>
1.184 avankest 1015: <p>If <var>stored method</var> is <code>GET</code> or <code>HEAD</code>
1016: act as if the <var>data</var> argument is <code>null</code>.</p>
1.167 avankest 1017:
1.60 avankest 1018: <p>If the <var>data</var> argument has not been omitted and is not
1.132 avankest 1019: <code>null</code> use it for the <dfn id=entity-body>entity body</dfn>
1020: as defined by section 7.2 of RFC 2616 observing the following rules:
1.146 avankest 1021: [<cite><a href="#ref-rfc2616">RFC2616</a></cite>]</p>
1.60 avankest 1022:
1.120 avankest 1023: <dl class=switch>
1.60 avankest 1024: <dt><var>data</var> is a <code>DOMString</code>
1025:
1.79 avankest 1026: <dd>
1.164 avankest 1027: <p>Encode <var>data</var> using UTF-8 for transmission.</p>
1028:
1.165 avankest 1029: <p>If a <code>Content-Type</code> header is set using <code><a
1.195 avankest 1030: href="#setrequestheader">setRequestHeader()</a></code> and its value
1031: is not malformed, set the <code>charset</code> parameter of that
1032: header, by either changing the <code>charset</code> parameter (if
1033: one is present) or appending one, to <code>UTF-8</code>.</p>
1034:
1035: <p>If no <code>Content-Type</code> header has been set using <code><a
1036: href="#setrequestheader">setRequestHeader()</a></code> set a
1037: <code>Content-Type</code> request header with a value of
1038: <code>text/plain;charset=UTF-8</code>.</p>
1.60 avankest 1039:
1040: <dt><var>data</var> is a <code>Document</code>
1041:
1042: <dd>
1.182 avankest 1043: <p>Let <var>data</var> be <code><var>data</var>.innerHTML</code> as
1.183 avankest 1044: defined by section 2.5 of HTML 5. Encode it using
1.184 avankest 1045: <code><var>data</var>.inputEncoding</code> or UTF-8 if
1046: <code><var>data</var>.inputEncoding</code> is <code>null</code>.
1047: Re-raise any exceptions the <code><var>data</var>.innerHTML</code>
1048: getter algorithm raises. [<cite><a
1049: href="#ref-html5">HTML5</a></cite>]</p>
1.182 avankest 1050:
1051: <p class=note>If the document cannot be serialized the
1052: <code>document.innerHTML</code> algorithm raises an
1053: <code>INVALID_STATE_ERR</code> exception.</p>
1.166 avankest 1054:
1.195 avankest 1055: <p>If a <code>Content-Type</code> header is set using <code><a
1056: href="#setrequestheader">setRequestHeader()</a></code> and its value
1057: is not malformed, set the <code>charset</code> parameter of that
1058: header, by either changing the <code>charset</code> parameter (if
1059: one is present) or appending one, to the encoding used to encode the
1060: document.</p>
1061:
1.166 avankest 1062: <p>If no <code>Content-Type</code> header has been set using <code><a
1.176 avankest 1063: href="#setrequestheader">setRequestHeader()</a></code> set a
1064: <code>Content-Type</code> request header with a value of
1065: <code>application/xml;charset=<var>charset</var></code> where
1066: <var>charset</var> is the encoding used to encode the document.</p>
1.60 avankest 1067:
1068: <p class=note>Subsequent changes to the <code>Document</code> have no
1069: effect on what is submitted.</p>
1070:
1071: <dt><var>data</var> is not a <code>DOMString</code> or
1072: <code>Document</code>
1073:
1.79 avankest 1074: <dd>
1.97 avankest 1075: <p>Use the stringification mechanisms of the host language on
1076: <var>data</var> and treat the result as if <var>data</var> is a
1.167 avankest 1077: <code>DOMString</code>. Or, if this fails, act as if the
1078: <var>data</var> argument is <code>null</code>.
1.60 avankest 1079: </dl>
1080:
1.127 avankest 1081: <p>If the <var>data</var> argument has been omitted, or is
1082: <code>null</code>, no entity body is used in the request.</p>
1.60 avankest 1083:
1084: <li>
1.72 avankest 1085: <p>Make a request to <var>stored url</var>, using HTTP method
1086: <var>stored method</var>, user <var>stored user</var> (if provided)
1087: and password <var>stored password</var> (if provided), taking into
1.185 avankest 1088: account the entity body, list of <a
1089: href="#author-request-headers">author request headers</a> and the
1090: rules listed directly after this set of steps.
1.60 avankest 1091:
1092: <li>
1.97 avankest 1093: <p>Synchronously dispatch a <code><a
1.132 avankest 1094: href="#readystatechange">readystatechange</a></code> event on the
1.97 avankest 1095: object.</p>
1096:
1097: <p class=note>The state of the object does not change. The event is
1098: dispatched for historical reasons.</p>
1.68 avankest 1099:
1100: <li>
1.103 avankest 1101: <p>If <var>async</var> is <code>true</code> return the <code><a
1.132 avankest 1102: href="#send">send()</a></code> method call. (Do not terminate the
1.103 avankest 1103: steps in the algorithm though.)
1.60 avankest 1104:
1105: <li>
1.176 avankest 1106: <p>While executing the request the following rules are to be observed.</p>
1.119 avankest 1107:
1.120 avankest 1108: <dl class=switch>
1.119 avankest 1109: <dt>If the response is an HTTP redirect
1110:
1111: <dd>
1.146 avankest 1112: <p>If the redirect does not violate security (it is <a
1.185 avankest 1113: href="#same-origin">same origin</a> for instance) or infinite loop
1.146 avankest 1114: precautions and the scheme is supported transparently follow the
1.167 avankest 1115: redirect and go to the start of this step (step 8).</p>
1.119 avankest 1116:
1117: <p class=note>HTTP places requirements on the user agent regarding
1118: the preservation of the request method and entity body during
1119: redirects, and also requires users to be notified of certain kinds
1120: of automatic redirections.</p>
1121: <!-- Arguably HTTP should be fixed for the latter case. No browser
1122: follows that as far as I know. -->
1123:
1124: <p>Otherwise, follow the following set of steps:</p>
1125:
1126: <ol>
1127: <li>
1.125 avankest 1128: <p>Set the <a href="#response-entity-body">response entity body</a>
1129: to "null", the <a href="#error-flag">error flag</a> to "true" and
1.185 avankest 1130: empty the list of <a href="#author-request-headers">author request
1131: headers</a>.
1.119 avankest 1132:
1133: <li>
1.132 avankest 1134: <p>Synchronously switch the state to <a href="#done-state"
1135: title="DONE state">DONE</a>.
1.119 avankest 1136:
1137: <li>
1138: <p>If <var>async</var> is set to <code>false</code> raise a
1139: <code><a href="#network-err">NETWORK_ERR</a></code> exception and
1140: terminate the overall algorithm.
1141:
1142: <li>
1143: <p>Synchronously dispatch a <code><a
1.132 avankest 1144: href="#readystatechange">readystatechange</a></code> event on the
1145: object.
1.119 avankest 1146:
1147: <li>
1148: <p>Terminate the overall algorithm.
1149: </ol>
1150:
1151: <p class=note>It is likely that a future version of the <code><a
1152: href="#xmlhttprequest-object">XMLHttpRequest</a></code> object will
1153: dispatch an <code>error</code> event here as well.</p>
1154:
1155: <dt>If the user cancels the download
1156:
1157: <dd>
1158: <p>Run the following set of steps:</p>
1159:
1160: <ol>
1161: <li>
1.125 avankest 1162: <p>Set the <a href="#response-entity-body">response entity body</a>
1163: to "null", the <a href="#error-flag">error flag</a> to "true" and
1.185 avankest 1164: empty the list of <a href="#author-request-headers">author request
1165: headers</a>.
1.119 avankest 1166:
1167: <li>
1.132 avankest 1168: <p>Synchronously switch the state to <a href="#done-state"
1169: title="DONE state">DONE</a>.
1.119 avankest 1170:
1171: <li>
1.122 avankest 1172: <p>If <var>async</var> is set to <code>false</code> raise an
1173: <code><a href="#abort-err">ABORT_ERR</a></code> exception and
1.119 avankest 1174: terminate the overall algorithm.
1175:
1176: <li>
1177: <p>Synchronously dispatch a <code><a
1.132 avankest 1178: href="#readystatechange">readystatechange</a></code> event on the
1179: object.
1.119 avankest 1180:
1181: <li>
1182: <p>Terminate the overall algorithm.
1183: </ol>
1184:
1185: <p class=note>It is likely that a future version of the <code><a
1186: href="#xmlhttprequest-object">XMLHttpRequest</a></code> object will
1.122 avankest 1187: dispatch an <code title="">abort</code> event here as well.</p>
1.119 avankest 1188:
1189: <dt>In case of network errors
1.118 avankest 1190:
1.119 avankest 1191: <dd>
1.177 avankest 1192: <p>In case of DNS errors, timeout, TLS negotiation failure, or other
1.187 avankest 1193: type of network errors, do not request user interaction and run the
1194: following set of steps:</p>
1195:
1196: <p class=note>This does not include HTTP responses that indicate some
1197: type of error, such as HTTP status code 410.</p>
1.119 avankest 1198:
1199: <ol>
1200: <li>
1.125 avankest 1201: <p>Set the <a href="#response-entity-body">response entity body</a>
1202: to "null", the <a href="#error-flag">error flag</a> to "true" and
1.185 avankest 1203: empty the list of <a href="#author-request-headers">author request
1204: headers</a>.
1.119 avankest 1205:
1206: <li>
1.132 avankest 1207: <p>Synchronously switch the state to <a href="#done-state"
1208: title="DONE state">DONE</a>.
1.119 avankest 1209:
1210: <li>
1211: <p>If <var>async</var> is set to <code>false</code> raise a
1212: <code><a href="#network-err">NETWORK_ERR</a></code> exception and
1213: terminate the overall algorithm.
1214:
1215: <li>
1216: <p>Synchronously dispatch a <code><a
1.132 avankest 1217: href="#readystatechange">readystatechange</a></code> event on the
1218: object.
1.119 avankest 1219:
1220: <li>
1221: <p>Terminate the overall algorithm.
1222: </ol>
1223:
1224: <p class=note>It is likely that a future version of the <code><a
1225: href="#xmlhttprequest-object">XMLHttpRequest</a></code> object will
1226: dispatch an <code>error</code> event here as well.</p>
1227:
1228: <dt>Once all HTTP headers have been received
1.60 avankest 1229:
1.119 avankest 1230: <dd>
1231: <p>If all HTTP headers have been received, before receiving the
1.124 avankest 1232: message body (if any), run the following steps:</p>
1.60 avankest 1233:
1.119 avankest 1234: <ol>
1235: <li>
1.132 avankest 1236: <p>Synchronously switch the state to <a
1237: href="#headers-received-state" title="HEADERS_RECEIVED
1238: state">HEADERS_RECEIVED</a>.
1.119 avankest 1239:
1240: <li>
1241: <p>Synchronously dispatch a <code><a
1.132 avankest 1242: href="#readystatechange">readystatechange</a></code> event on the
1243: object.
1.124 avankest 1244: </ol>
1245:
1246: <dt>Once the first byte (or more) of the response entity body has been
1247: received
1248:
1249: <dt>If there is no response entity body
1.119 avankest 1250:
1.124 avankest 1251: <dd>
1252: <ol>
1.119 avankest 1253: <li>
1.132 avankest 1254: <p>Synchronously switch the state to <a href="#loading-state"
1.119 avankest 1255: title="LOADING state">LOADING</a>.
1256:
1257: <li>
1258: <p>Synchronously dispatch a <code><a
1.132 avankest 1259: href="#readystatechange">readystatechange</a></code> event on the
1260: object.
1.119 avankest 1261: </ol>
1262: </dl>
1.60 avankest 1263:
1.125 avankest 1264: <p>Finally, once the complete resource has been downloaded go to the
1265: next step.</p>
1.60 avankest 1266:
1267: <li>
1.83 avankest 1268: <p>When the request has successfully completed loading, synchronously
1.132 avankest 1269: switch the state to <a href="#done-state" title="DONE state">DONE</a>
1270: and then synchronously dispatch a <code><a
1271: href="#readystatechange">readystatechange</a></code> event on the
1.97 avankest 1272: object and return the method call in case of <var>async</var> being
1273: <code>false</code>.
1.60 avankest 1274: </ol>
1.19 avankest 1275:
1.92 avankest 1276: <p>If the user agent allows the user to configure a proxy it <em
1.25 avankest 1277: class=ct>should</em> modify the request appropriately; <abbr title="in
1.2 avankest 1278: other words">i.e.</abbr>, connect to the proxy host instead of the
1279: origin server, modify the <code>Request-Line</code> and send
1280: <code>Proxy-Authorization</code> headers as specified.</p>
1281:
1.44 avankest 1282: <p>If the user agent supports HTTP Authentication it <em
1283: class=ct>should</em> consider requests originating from this object to
1284: be part of the protection space that includes the accessed URIs and send
1.19 avankest 1285: <code>Authorization</code> headers and handle <code>401
1.186 avankest 1286: Unauthorized</code> responses appropriately. If authentication fails, and
1287: <var>stored user</var> and <var>stored password</var> are not provided,
1.44 avankest 1288: user agents <em class=ct>should</em> prompt the users for credentials.
1289: [<cite><a href="#ref-rfc2617">RFC2617</a></cite>]</p>
1.19 avankest 1290:
1.186 avankest 1291: <p class=note>Users are not prompted if credentials are provided through
1292: the <code><a href="#open">open()</a></code> API so that authors can
1293: implement their own user interface.</p>
1294:
1.59 avankest 1295: <p>If the user agent supports HTTP State Management it <em
1.44 avankest 1296: class=ct>should</em> persist, discard and send cookies (as received in
1297: the <code>Set-Cookie</code> and <code>Set-Cookie2</code> response
1298: headers, and sent in the <code>Cookie</code> header) as applicable.
1.179 avankest 1299: [<cite><a href="#ref-rfc2109">RFC2109</a></cite>] [<cite><a
1300: href="#ref-rfc2965">RFC2965</a></cite>]</p>
1301: <!-- These specs do not match reality. -->
1.44 avankest 1302: <p>If the user agent implements an HTTP cache it <em class=ct>should</em>
1.185 avankest 1303: respect <code>Cache-Control</code> request headers set by <code><a
1304: href="#setrequestheader">setRequestHeader()</a></code> (e.g.,
1305: <code>Cache-Control: no-cache</code> bypasses the cache). It <em
1306: class=ct>must not</em> send <code>Cache-Control</code> or
1307: <code>Pragma</code> request headers automatically unless the user
1308: explicitly requests such behavior (<abbr>e.g.</abbr>, by
1309: (force-)reloading the page).</p>
1.180 avankest 1310:
1311: <p>For <code>304 Not Modified</code> responses that are a result of a
1312: user agent generated conditional request the user agent <em
1313: class=ct>must</em> act as if the server gave a <code>200 OK</code>
1314: response with the appropriate content. The user agent <em
1.185 avankest 1315: class=ct>must</em> allow <code><a
1316: href="#setrequestheader">setRequestHeader()</a></code> to override
1317: automatic cache validation by setting request headers (e.g.,
1318: <code>If-None-Match</code>, <code>If-Modified-Since</code>), in which
1319: case <code>304 Not Modified</code> responses <em class=ct>must</em> be
1320: passed through. [<cite><a href="#ref-rfc2616">RFC2616</a></cite>]</p>
1.2 avankest 1321:
1.44 avankest 1322: <p>If the user agent implements server-driven content-negotiation it <em
1.162 avankest 1323: class=ct>should</em> set <code>Accept-Encoding</code> and
1.175 avankest 1324: <code>Accept-Charset</code> headers as appropriate. Unless set through
1325: <code><a href="#setrequestheader">setRequestHeader()</a></code> user
1326: agents <em class=ct>should</em> set the <code>Accept</code> and
1.181 avankest 1327: <code>Accept-Language</code> headers as well. If <code>Accept</code> is
1328: set by the user agent it <em class=ct>must</em> have the value
1329: <code>*/*</code>. Responses <em class=ct>must</em> have the
1330: content-encodings automatically decoded. [<cite><a
1331: href="#ref-rfc2616">RFC2616</a></cite>]</p>
1.18 avankest 1332:
1.186 avankest 1333: <p>Besides the <a href="#author-request-headers">author request
1334: headers</a> user agents <em class=ct>should not</em> include additional
1335: request headers other than those mentioned above or other than those
1336: authors are not allowed to set using <code><a
1.185 avankest 1337: href="#setrequestheader">setRequestHeader()</a></code>. This ensures
1338: that authors have a reasonably predictable API.</p>
1339:
1.132 avankest 1340: <dt><dfn id=abort><code>abort()</code></dfn>, method
1.6 avankest 1341:
1342: <dd>
1.62 avankest 1343: <p>When invoked, the user agent <em class=ct>must</em> run the following
1.97 avankest 1344: steps (unless otherwise noted):</p>
1.6 avankest 1345:
1.62 avankest 1346: <ol>
1347: <li>
1.109 avankest 1348: <p><a href="#abort-send-algorithm" title="abort send()">Abort the
1349: <code>send()</code> algorithm</a>, set the <a
1.125 avankest 1350: href="#response-entity-body">response entity body</a> to "null", the
1.136 avankest 1351: <a href="#error-flag">error flag</a> to "true" and remove any
1352: registered request headers.
1.62 avankest 1353:
1354: <li>
1.109 avankest 1355: <p>The user agent <em class=ct>should</em> cancel any network activity
1356: for which the object is responsible.
1.62 avankest 1357:
1.80 avankest 1358: <li>
1.135 avankest 1359: <p>If the state is <a href="#unsent-state" title="UNSENT
1360: state">UNSENT</a>, <a href="#opened-state" title="OPENED
1361: state">OPENED</a> and the <a href="#send-flag"><code>send()</code>
1362: flag</a> is "false", or <a href="#done-state" title="DONE
1363: state">DONE</a> go to the next step.</p>
1.84 avankest 1364:
1.132 avankest 1365: <p>Otherwise, switch the state to <a href="#done-state" title="DONE
1.136 avankest 1366: state">DONE</a>, set the <a href="#send-flag"><code>send()</code>
1367: flag</a> to "false" and synchronously dispatch a <code><a
1.132 avankest 1368: href="#readystatechange">readystatechange</a></code> event on the
1.84 avankest 1369: object.</p>
1.68 avankest 1370:
1.62 avankest 1371: <li>
1.135 avankest 1372: <p>Switch the state to <a href="#unsent-state" title="UNSENT
1.98 avankest 1373: state">UNSENT</a>. (Do not dispatch the <code><a
1.132 avankest 1374: href="#readystatechange">readystatechange</a></code> event.)</p>
1.62 avankest 1375:
1.83 avankest 1376: <p class=note>It is likely that a future version of the <code><a
1377: href="#xmlhttprequest-object">XMLHttpRequest</a></code> object will
1378: dispatch an <code title="">abort</code> event here as well.</p>
1.62 avankest 1379: </ol>
1.26 avankest 1380:
1.6 avankest 1381: <dt><dfn
1.132 avankest 1382: id=getallresponseheaders><code>getAllResponseHeaders()</code></dfn>,
1.13 avankest 1383: method
1.2 avankest 1384:
1385: <dd>
1.62 avankest 1386: <p>When invoked, the user agent <em class=ct>must</em> run the following
1387: steps:</p>
1.60 avankest 1388:
1389: <ol>
1.77 avankest 1390: <li>
1.135 avankest 1391: <p>If the state is <a href="#unsent-state" title="UNSENT
1392: state">UNSENT</a> or <a href="#opened-state" title="OPENED
1393: state">OPENED</a> raise an <code>INVALID_STATE_ERR</code> exception
1394: and terminate these steps.
1.125 avankest 1395:
1396: <li>
1.171 avankest 1397: <p>If the <a href="#error-flag">error flag</a> is "true" return the
1398: empty string and terminate these steps.
1.77 avankest 1399:
1400: <li>
1.97 avankest 1401: <p>Return all the HTTP headers, as a single string, with each header
1.193 avankest 1402: line separated by a U+000D CR U+000A LF pair excluding the status
1403: line, and with each header name and header value separated by a U+003A
1404: COLON U+0020 SPACE pair.
1.60 avankest 1405: </ol>
1.6 avankest 1406:
1.25 avankest 1407: <div class=example>
1.60 avankest 1408: <pre><code>// The following script:
1.6 avankest 1409: var client = new XMLHttpRequest();
1.18 avankest 1410: client.open("GET", "test.txt", true);
1.6 avankest 1411: client.send();
1.16 avankest 1412: client.onreadystatechange = function() {
1.180 avankest 1413: if(this.readyState == 2) {
1.16 avankest 1414: print(this.getAllResponseHeaders());
1415: }
1416: }
1.6 avankest 1417:
1418: // ...should output something similar to the following text:
1419: Date: Sun, 24 Oct 2004 04:58:38 GMT
1420: Server: Apache/1.3.31 (Unix)
1421: Keep-Alive: timeout=15, max=99
1422: Connection: Keep-Alive
1423: Transfer-Encoding: chunked
1.60 avankest 1424: Content-Type: text/plain; charset=utf-8</code></pre>
1.6 avankest 1425: </div>
1426:
1.132 avankest 1427: <dt><dfn id=getresponseheader
1.25 avankest 1428: title=getresponseheader><code>getResponseHeader(<var>header</var>)</code></dfn>,
1.13 avankest 1429: method
1.2 avankest 1430:
1.6 avankest 1431: <dd>
1.60 avankest 1432: <p>When the method is invoked, the user agent <em class=ct>must</em> run
1433: the following steps:</p>
1434:
1435: <ol>
1.77 avankest 1436: <li>
1.135 avankest 1437: <p>If the state is <a href="#unsent-state" title="UNSENT
1438: state">UNSENT</a> or <a href="#opened-state" title="OPENED
1439: state">OPENED</a> raise an <code>INVALID_STATE_ERR</code> exception
1440: and terminate these steps.
1.125 avankest 1441:
1442: <li>
1.150 avankest 1443: <p>If the <var>header</var> argument does not match the <a
1.172 avankest 1444: href="#field-name"><code>field-name</code> production</a> return
1445: <code>null</code> and terminate these steps.
1.150 avankest 1446:
1447: <li>
1.125 avankest 1448: <p>If the <a href="#error-flag">error flag</a> is "true" return
1449: <code>null</code> and terminate these steps.
1.17 avankest 1450:
1.77 avankest 1451: <li>
1.81 avankest 1452: <p>If the <var>header</var> argument <a href="#case-insensitive-match"
1453: title="case-insensitive match">case-insensitively matches</a> multiple
1.128 avankest 1454: HTTP headers for the last request sent, return the values of these
1.193 avankest 1455: headers as a single concatenated string separated from each other by a
1456: U+002C COMMA U+0020 SPACE character pair and terminate these steps.
1.77 avankest 1457:
1458: <li>
1.81 avankest 1459: <p>If the <var>header</var> argument <a href="#case-insensitive-match"
1460: title="case-insensitive match">case-insensitively matches</a> a single
1.97 avankest 1461: HTTP header for the last request sent return the value of that header
1.99 avankest 1462: and terminate these steps.
1.77 avankest 1463:
1464: <li>
1.97 avankest 1465: <p>Return <code>null</code>.
1.60 avankest 1466: </ol>
1.17 avankest 1467:
1.25 avankest 1468: <div class=example>
1.60 avankest 1469: <pre><code>// The following script:
1.1 avankest 1470: var client = new XMLHttpRequest();
1.18 avankest 1471: client.open("GET", "test.txt", true);
1.6 avankest 1472: client.send();
1.16 avankest 1473: client.onreadystatechange = function() {
1.180 avankest 1474: if(this.readyState == 2) {
1.18 avankest 1475: print(client.getResponseHeader("Content-Type"));
1.16 avankest 1476: }
1477: }
1.1 avankest 1478:
1.6 avankest 1479: // ...should output something similar to the following text:
1.164 avankest 1480: text/plain; charset=utf-8</code></pre>
1.2 avankest 1481: </div>
1482:
1.132 avankest 1483: <dt><dfn id=responsetext><code>responseText</code></dfn> of type
1.9 avankest 1484: <code>DOMString</code>, readonly
1.6 avankest 1485:
1486: <dd>
1.89 avankest 1487: <p>On getting, the user agent <em class=ct>must</em> run the following
1488: steps:</p>
1489:
1490: <ol>
1491: <li>
1.132 avankest 1492: <p>If the state is not <a href="#loading-state" title="LOADING
1493: state">LOADING</a> or <a href="#done-state" title="DONE
1.170 avankest 1494: state">DONE</a> return the empty string and terminate these steps.
1.6 avankest 1495:
1.89 avankest 1496: <li>
1497: <p>Return the <a href="#text-response-entity-body">text response entity
1498: body</a>.
1499: </ol>
1.12 avankest 1500:
1.132 avankest 1501: <dt><dfn id=responsexml><code>responseXML</code></dfn> of type
1.9 avankest 1502: <code>Document</code>, readonly
1.6 avankest 1503:
1504: <dd>
1.76 avankest 1505: <p>On getting, the user agent <em class=ct>must</em> run the following
1506: steps:</p>
1507:
1508: <ol>
1509: <li>
1.132 avankest 1510: <p>If the state is not <a href="#done-state" title="DONE
1.170 avankest 1511: state">DONE</a> return <code>null</code> and terminate these steps.
1.76 avankest 1512:
1513: <li>
1.89 avankest 1514: <p>Return the <a href="#xml-response-entity-body">XML response entity
1515: body</a>.
1.76 avankest 1516: </ol>
1.12 avankest 1517:
1.132 avankest 1518: <dt><dfn id=status><code>status</code></dfn> of type <code>unsigned
1.9 avankest 1519: short</code>, readonly
1.6 avankest 1520:
1521: <dd>
1.73 avankest 1522: <p>On getting, if available, it <em class=ct>must</em> return the HTTP
1523: status code sent by the server (typically <code>200</code> for a
1524: successful request). Otherwise, if not available, the user agent <em
1525: class=ct>must</em> raise an <code>INVALID_STATE_ERR</code> exception.</p>
1.12 avankest 1526:
1.132 avankest 1527: <dt><dfn id=statustext><code>statusText</code></dfn> of type
1.9 avankest 1528: <code>DOMString</code>, readonly
1.2 avankest 1529:
1.6 avankest 1530: <dd>
1.73 avankest 1531: <p>On getting, if available, it <em class=ct>must</em> return the HTTP
1532: status text sent by the server (appears after the status code).
1.180 avankest 1533: Otherwise, if not available (request is not initiated for instance), the
1534: user agent <em class=ct>must</em> raise an
1535: <code>INVALID_STATE_ERR</code> exception.</p>
1.2 avankest 1536: </dl>
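<p>The following model of the <code>getAllResponseHeaders()</code> and <code>getResponseHeader()</code> steps above is an added example, not part of the specification or of any user agent. The class and helper names are hypothetical, the <code>field-name</code> production is taken to be the RFC 2616 <code>token</code>, and the header values are constructed sample data. It shows that a lookup name containing CR, LF or a colon is rejected before any matching, and that same-named headers are merged into one string.</p>

```javascript
// Added illustration; not part of the specification.
// ResponseHeaderModel, receiveHeaders() and markError() are hypothetical names.
const UNSENT = 0, OPENED = 1, HEADERS_RECEIVED = 2, LOADING = 3, DONE = 4;

// RFC 2616: field-name = token = 1*<any CHAR except CTLs or separators>.
const FIELD_NAME = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;

// INVALID_STATE_ERR is ExceptionCode 11 in DOM Core.
function invalidStateError() {
  return Object.assign(new Error("INVALID_STATE_ERR"), { code: 11 });
}

class ResponseHeaderModel {
  constructor() {
    this.state = UNSENT;
    this.errorFlag = false;
    this.headers = []; // [name, value] pairs in arrival order
  }

  // Test helper: simulate the arrival of all response headers.
  receiveHeaders(pairs) {
    this.headers = pairs.slice();
    this.state = HEADERS_RECEIVED;
  }

  // Test helper: simulate a failed request (error flag set, state DONE).
  markError() {
    this.errorFlag = true;
    this.state = DONE;
  }

  getAllResponseHeaders() {
    // Step 1: no headers can exist yet in UNSENT or OPENED.
    if (this.state === UNSENT || this.state === OPENED) throw invalidStateError();
    // Step 2: a failed request exposes nothing.
    if (this.errorFlag) return "";
    // Step 3: "name: value" lines joined by CR LF, status line excluded.
    return this.headers.map(([name, value]) => name + ": " + value).join("\r\n");
  }

  getResponseHeader(header) {
    if (this.state === UNSENT || this.state === OPENED) throw invalidStateError();
    const wanted = String(header);
    // Names that are not a valid field-name (empty, containing ":", CR, LF,
    // spaces, ...) return null before any comparison takes place.
    if (!FIELD_NAME.test(wanted)) return null;
    if (this.errorFlag) return null;
    // Case-insensitive match; the name is known to be ASCII at this point.
    const key = wanted.toLowerCase();
    const values = this.headers
      .filter(([name]) => name.toLowerCase() === key)
      .map(([, value]) => value);
    // Several matches are merged with ", "; one match is returned as is;
    // no match yields null.
    return values.length > 0 ? values.join(", ") : null;
  }
}

// Constructed sample response headers (two Vary lines that differ in case).
const SAMPLE_HEADERS = [
  ["Content-Type", "text/plain; charset=utf-8"],
  ["Vary", "Accept"],
  ["vary", "Accept-Encoding"],
];

function demo() {
  const model = new ResponseHeaderModel();
  model.receiveHeaders(SAMPLE_HEADERS);
  return {
    all: model.getAllResponseHeaders(),
    merged: model.getResponseHeader("VARY"),
    single: model.getResponseHeader("content-type"),
    missing: model.getResponseHeader("X-Missing"),
    injected: model.getResponseHeader("Vary\r\nX-Injected: 1"),
  };
}
```

Because merged values are joined with a comma and a space, a caller cannot tell two header lines from one line that already contained a comma, so checks on security-relevant headers should treat the returned string as a list.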
1537:
1.168 avankest 1538: <h3 id=events><span class=secno>4.1 </span>Events for the <code
1.33 avankest 1539: title="">XMLHttpRequest</code> Object</h3>
1.2 avankest 1540:
1.1 avankest 1541: <dl>
1.132 avankest 1542: <dt><dfn id=readystatechange><code>readystatechange</code></dfn>
1.2 avankest 1543:
1.73 avankest 1544: <dd>When the user agent dispatches a <code
1545: title="">readystatechange</code> event (as indicated above) it <em
1546: class=ct>must not</em> bubble, <em class=ct>must not</em> be cancelable
1547: and <em class=ct>must</em> implement the <code>Event</code> interface.
1548: Its <code>namespaceURI</code> attribute <em class=ct>must</em> be
1.146 avankest 1549: <code>null</code>. [<cite><a
1.156 avankest 1550: href="#ref-dom2events">DOM2Events</a></cite>]
1.1 avankest 1551: </dl>
1.2 avankest 1552:
1.168 avankest 1553: <h3 id=exceptions><span class=secno>4.2 </span>Exceptions for the <code
1.33 avankest 1554: title="">XMLHttpRequest</code> Object</h3>
1555:
1.139 avankest 1556: <p>Several algorithms in this specification may result in an exception
1557: being thrown. These exceptions are all part of the group
1.186 avankest 1558: <code>ExceptionCode</code> and use the <code>DOMException</code> object,
1.139 avankest 1559: which is defined in DOM Level 3 Core. In addition this specification
1560: extends the <code>ExceptionCode</code> group with several new constants as
1.146 avankest 1561: indicated below. [<cite><a href="#ref-dom3core">DOM3Core</a></cite>]
1.139 avankest 1562:
1.194 avankest 1563: <p class=note>Thus, exceptions used by this specification and not defined
1564: in this section are defined by DOM Level 3 Core.
1565:
1.34 avankest 1566: <pre
1.139 avankest 1567: class=idl>const unsigned short <a href="#security-err">SECURITY_ERR</a> = 18;
1.200 ! avankest 1568: const unsigned short <a href="#network-err">NETWORK_ERR</a> = 19;
! 1569: const unsigned short <a href="#abort-err">ABORT_ERR</a> = 20;</pre>
1.33 avankest 1570:
1.139 avankest 1571: <p>The <dfn id=security-err><code>SECURITY_ERR</code></dfn> exception is
1572: raised if an attempt is made to perform an operation or access some data
1573: in a way that would be a security risk or a violation of the user agent's
1574: security policy.</p>
1575: <!-- http://lists.w3.org/Archives/Public/public-webapi/2006May/0027.html -->
1576:
1.35 avankest 1577: <p>The <dfn id=network-err><code>NETWORK_ERR</code></dfn> exception is
1.139 avankest 1578: raised when a network error occurs in synchronous requests.
1.122 avankest 1579:
1.139 avankest 1580: <p>The <dfn id=abort-err><code>ABORT_ERR</code></dfn> exception is raised
1.122 avankest 1581: when the user aborts a request in synchronous requests.
1582:
1.200 ! avankest 1583: <p class=note>These exceptions might be folded into an update of DOM Level
! 1584: 3 Core in due course, as they are appropriate for other API specifications
! 1585: as well.
! 1586:
1.31 avankest 1587: <h2 class=no-num id=notcovered>Not in this Specification</h2>
1588:
1.144 avankest 1589: <p><em>This section is non-normative.</em>
1.31 avankest 1590:
1.73 avankest 1591: <p>This specification does not include the following features which are
1592: being considered for a future version of this specification:
1.31 avankest 1593:
1594: <ul>
1595: <li><code>load</code> event and <code>onload</code> attribute;
1596:
1597: <li><code>error</code> event and <code>onerror</code> attribute;
1598:
1599: <li><code>progress</code> event and <code>onprogress</code> attribute;
1600:
1601: <li><code title="">abort</code> event and <code>onabort</code> attribute;
1602:
1603: <li>Timers have been suggested, perhaps an <code>ontimeout</code>
1604: attribute;
1605:
1606: <li>Property to disable following redirects;
1607:
1.32 avankest 1608: <li><code title="">responseXML</code> for <code>text/html</code>
1609: documents;
1.31 avankest 1610:
1.42 avankest 1611: <li>Cross-site <code title="">XMLHttpRequest</code>;
1612:
1.88 avankest 1613: <li><code>responseBody</code> to deal with byte streams;
1.42 avankest 1614:
1.115 avankest 1615: <li><code>overrideMimeType</code> to fix up MIME types;
1616:
1.88 avankest 1617: <li><code>getRequestHeader()</code> and
1618: <code>removeRequestHeader()</code>.
1.31 avankest 1619: </ul>
1620:
1.25 avankest 1621: <h2 class=no-num id=bibref>References</h2>
1.2 avankest 1622:
1.178 avankest 1623: <p>Unless marked "Non-normative" these references are normative.
1624:
1.7 avankest 1625: <dl>
1.156 avankest 1626: <dt>[<dfn id=ref-dom2events>DOM2Events</dfn>]
1627:
1628: <dd><cite><a href="http://www.w3.org/TR/DOM-Level-2-Events/">Document
1.161 avankest 1629: Object Model (DOM) Level 2 Events Specification</a></cite>, T. Pixley,
1630: editor. W3C, November 2000.
1.156 avankest 1631:
1.146 avankest 1632: <dt>[<dfn id=ref-dom3core>DOM3Core</dfn>]
1.2 avankest 1633:
1.15 avankest 1634: <dd><cite><a href="http://www.w3.org/TR/DOM-Level-3-Core">Document Object
1635: Model (DOM) Level 3 Core Specification</a></cite>, A. Le Hors, P. Le
1.140 avankest 1636: Hégaret, L. Wood, G. Nicol, J. Robie, M. Champion, S. Byrne,
1637: editors. W3C, April 2004.
1.2 avankest 1638:
1.39 avankest 1639: <dt>[<dfn id=ref-ecmascript>ECMAScript</dfn>]
1.18 avankest 1640:
1641: <dd><cite><a
1642: href="http://www.ecma-international.org/publications/standards/Ecma-262.htm">ECMAScript
1643: Language Specification</a></cite>, Third Edition. ECMA, December 1999.
1644:
1.146 avankest 1645: <dt>[<dfn id=ref-html5>HTML5</dfn>]
1.143 avankest 1646:
1647: <dd><cite><a
1.172 avankest 1648: href="http://www.w3.org/html/wg/html5/">HTML 5</a></cite> (work in
1649: progress), I. Hickson, D. Hyatt, editors. W3C, 2008.
1650:
1651: <dd><cite><a
1.143 avankest 1652: href="http://www.whatwg.org/specs/web-apps/current-work/">HTML 5</a></cite>
1.172 avankest 1653: (work in progress), I. Hickson, editor. WHATWG, 2008.
1.18 avankest 1654:
1.178 avankest 1655: <dt>[<dfn id=ref-httponly>HTTPONLY</dfn>]
1656:
1657: <dd>(Non-normative) <cite><a
1658: href="http://msdn.microsoft.com/en-us/library/ms533046.aspx">Mitigating
1659: Cross-site Scripting With HTTP-only Cookies</a></cite>, MSDN.
1660:
1.199 avankest 1661: <dt>[<dfn id=ref-httpverbsec>HTTPVERBSEC</dfn>]
1662:
1663: <dd>(Non-normative) <cite><a
1664: href="http://www.kb.cert.org/vuls/id/867593">Multiple vendors' web
1665: servers enable HTTP TRACE method by default</a></cite>, US-CERT.
1666:
1667: <dd>(Non-normative) <cite><a
1668: href="http://www.kb.cert.org/vuls/id/288308">Microsoft Internet
1669: Information Server (IIS) vulnerable to cross-site scripting via HTTP
1670: TRACK method</a></cite>, US-CERT.
1671:
1672: <dd>(Non-normative) <cite><a
1673: href="http://www.kb.cert.org/vuls/id/150227">HTTP proxy default
1674: configurations allow arbitrary TCP connections</a></cite>, US-CERT.
1675:
1.179 avankest 1676: <dt>[<dfn id=ref-rfc2109>RFC2109</dfn>]
1677:
1678: <dd><cite><a href="http://ietf.org/rfc/rfc2109">HTTP State Management
1679: Mechanism</a></cite>, D. Kristol, L. Montulli, editors. IETF, February
1680: 1997.
1681:
1.146 avankest 1682: <dt>[<dfn id=ref-rfc2119>RFC2119</dfn>]
1.15 avankest 1683:
1.118 avankest 1684: <dd><cite><a href="http://ietf.org/rfc/rfc2119">Key words for use in RFCs
1685: to Indicate Requirement Levels</a></cite>, S. Bradner. IETF, March 1997.
1.15 avankest 1686:
1.146 avankest 1687: <dt>[<dfn id=ref-rfc2616>RFC2616</dfn>]
1.15 avankest 1688:
1689: <dd><cite><a href="http://ietf.org/rfc/rfc2616">Hypertext Transfer
1690: Protocol -- HTTP/1.1</a></cite>, R. Fielding, J. Gettys, J. Mogul, H.
1.93 avankest 1691: Frystyk, L. Masinter, P. Leach, T. Berners-Lee, editors. IETF, June 1999.
1.15 avankest 1692:
1.39 avankest 1693: <dt>[<dfn id=ref-rfc2617>RFC2617</dfn>]
1.15 avankest 1694:
1695: <dd><cite><a href="http://ietf.org/rfc/rfc2617">HTTP Authentication: Basic
1.93 avankest 1696: and Digest Access Authentication</a></cite>, P. Hallam-Baker, J.
1697: Hostetler, S. Lawrence, P. Leach, A. Luotonen, L. Stewart, editors. IETF,
1698: June 1999.
1.2 avankest 1699:
1.39 avankest 1700: <dt>[<dfn id=ref-rfc2965>RFC2965</dfn>]
1.2 avankest 1701:
1.22 avankest 1702: <dd><cite><a href="http://ietf.org/rfc/rfc2965">HTTP State Management
1703: Mechanism</a></cite>, D. Kristol, L. Montulli, editors. IETF, October
1704: 2000.
1705:
1.39 avankest 1706: <dt>[<dfn id=ref-rfc3986>RFC3986</dfn>]
1.2 avankest 1707:
1.15 avankest 1708: <dd><cite><a href="http://ietf.org/rfc/rfc3986">Uniform Resource
1709: Identifier (URI): Generic Syntax</a></cite>, T. Berners-Lee, R. Fielding,
1.188 avankest 1710: L. Masinter, editors. IETF, January 2005.
1711:
1712: <dt>[<dfn id=ref-rfc3987>RFC3987</dfn>]
1713:
1714: <dd><cite><a href="http://ietf.org/rfc/rfc3987">Internationalized Resource
1715: Identifiers (IRIs)</a></cite>, M. Duerst, M. Suignard, editors. IETF,
1.190 avankest 1716: January 2005.
1.142 avankest 1717:
1.182 avankest 1718: <dt>[<dfn id=ref-webidl>Web IDL</dfn>]
1719:
1720: <dd><cite><a href="http://dev.w3.org/2006/webapi/Binding4DOM/">Web
1721: IDL</a></cite> (editor's draft), C. McCormack, editor. W3C, 2008.
1722:
1.43 avankest 1723: <dt>[<dfn id=ref-xml>XML</dfn>]
1724:
1725: <dd><cite><a href="http://www.w3.org/TR/xml/">Extensible Markup Language
1726: (XML) 1.0 (Fourth Edition)</a></cite>, T. Bray, J. Paoli, C.
1.118 avankest 1727: Sperberg-McQueen, E. Maler, F. Yergeau, editors. W3C, September 2006.
1.43 avankest 1728:
1729: <dt>[<dfn id=ref-xmlns>XMLNS</dfn>]
1730:
1731: <dd><cite><a href="http://www.w3.org/TR/xml-names/">Namespaces in XML
1.118 avankest 1732: (Second Edition)</a></cite>, T. Bray, D. Hollander, A. Layman, R. Tobin,
1733: editors. W3C, August 2006.
1.2 avankest 1734: </dl>
1735:
1.131 avankest 1736: <h2 class=no-num id=acknowledgments>Acknowledgments</h2>
1.2 avankest 1737:
1.164 avankest 1738: <p>The editor would like to thank Addison Phillips, Ahmed Kamel, Alex
1739: Hopmann, Alex Vincent, Alexey Proskuryakov, Asbjørn Ulsberg, Boris
1740: Zbarsky, Björn Höhrmann, Cameron McCormack, Christophe Jolif,
1741: Charles McCathieNevile, Dan Winship, David Håsäther, Dean
1742: Jackson, Denis Sureau, Doug Schepers, Douglas Livingstone, Elliotte
1.197 avankest 1743: Harold, Eric Lawrence, Erik Dahlström, Geoffrey Sneddon, Gideon Cohn,
1744: Gorm Haug Eriksen, Hallvord R. M. Steen, Håkon Wium Lie, Ian Davis,
1745: Ian Hickson, Ivan Herman, Jeff Walden, Jens Lindström, Jim Deegan,
1746: Jim Ley, Joe Farro, Jonas Sicking, Julian Reschke, Karl Dubost, Lachlan
1747: Hunt, Maciej Stachowiak, Magnus Kristiansen, Marc Hadley, Marcos Caceres,
1748: Mark Baker, Mark Nottingham, Mohamed Zergaoui, Pawel Glowacki, Robin
1749: Berjon, Ruud Steltenpool, Simon Pieters, Stewart Brodie, Sunava Dutta,
1750: Thomas Roessler, Tom Magliery and Zhenbin Xu for their contributions to
1751: this specification.
1.2 avankest 1752:
1753: <p>Special thanks to the Microsoft employees who first implemented the
1.144 avankest 1754: <code title="">XMLHttpRequest</code> interface, which was first widely
1755: deployed by the Windows Internet Explorer browser.
1.2 avankest 1756:
1.56 avankest 1757: <p>Special thanks also to the WHATWG for drafting an initial version of
1.131 avankest 1758: this specification in their Web Applications 1.0 document (now renamed to
1.146 avankest 1759: HTML 5). [<cite><a href="#ref-html5">HTML5</a></cite>]
1.2 avankest 1760:
1761: <p>Thanks also to all those who have helped to improve this specification
1762: by sending suggestions and corrections. (Please, keep bugging us with your
1763: issues!)