Annotation of 2006/webapi/XMLHttpRequest/Overview.html, revision 1.270

1.1       avankest    1: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">
1.2       avankest    2: 
1.25      avankest    3: <html lang=en-US>
1.1       avankest    4:  <head>
1.209     avankest    5:   <title>XMLHttpRequest</title>
1.2       avankest    6: 
1.20      avankest    7:   <style type="text/css">
1.118     avankest    8:    pre.idl { border:solid thin; background:#eee; color:#000; padding:0.5em }
1.20      avankest    9:    pre.idl :link, pre.idl :visited { color:inherit; background:transparent }
1.60      avankest   10:    pre code { color:inherit; background:transparent }
1.20      avankest   11:    div.example { margin-left:1em; padding-left:1em; border-left:double; color:#222; background:#fcfcfc }
1.90      avankest   12:    .note { margin-left:2em; font-weight:bold; font-style:italic; color:#008000 }
1.20      avankest   13:    p.note::before { content:"Note: " }
1.205     avankest   14:    .XXX { padding:.5em; border:solid #f00 }
                     15:    p.XXX::before { content:"Issue: " }
1.120     avankest   16:    dl.switch { padding-left:2em }
1.250     avankest   17:    dl.switch > dt { text-indent:-1.5em }
                     18:    dl.switch > dt:before { content:'\21AA'; padding:0 0.5em 0 0; display:inline-block; width:1em; text-align:right; line-height:0.5em }
1.232     avankest   19:    em.ct { text-transform:lowercase; font-variant:small-caps; font-style:normal }
                     20:    dfn { font-weight:bold; font-style:normal }
                     21:    code { color:orangered }
                     22:    code :link, code :visited { color:inherit }
                     23:    hr:not(.top) { display:block; background:none; border:none; padding:0; margin:2em 0; height:auto }
                     24:    table { border-collapse:collapse; border-style:hidden hidden none hidden }
                     25:    table thead { border-bottom:solid }
                     26:    table tbody th:first-child { border-left:solid }
                     27:    table td, table th { border-left:solid; border-right:solid; border-bottom:solid thin; vertical-align:top; padding:0.2em }
                     28:   </style>
1.248     avankest   29:   <link href="http://www.w3.org/StyleSheets/TR/W3C-ED" rel=stylesheet>
1.2       avankest   30: 
1.1       avankest   31:  <body>
1.25      avankest   32:   <div class=head>
                     33:    <p><a href="http://www.w3.org/"><img alt=W3C height=48
                     34:     src="http://www.w3.org/Icons/w3c_home" width=72></a></p>
1.2       avankest   35: 
1.231     avankest   36:    <h1 class=head id=the-xmlhttprequest-object>XMLHttpRequest</h1>
1.2       avankest   37: 
1.270   ! avankest   38:    <h2 class="no-num no-toc" id=w3c-doctype>Editor's Draft 10 May 2010</h2>
1.2       avankest   39: 
1.1       avankest   40:    <dl>
1.154     avankest   41:     <dt>This Version:
1.2       avankest   42: 
                     43:     <dd><a
1.270   ! avankest   44:      href="http://www.w3.org/TR/2010/ED-XMLHttpRequest-20100510/">http://www.w3.org/TR/2010/ED-XMLHttpRequest-20100510/</a>
1.2       avankest   45: 
1.14      avankest   46:     <dt>Latest Version:
1.2       avankest   47: 
                     48:     <dd><a
                     49:      href="http://www.w3.org/TR/XMLHttpRequest/">http://www.w3.org/TR/XMLHttpRequest/</a>
                     50: 
1.190     avankest   51:     <dt>Latest Editor Version:
                     52: 
                     53:     <dd><a
                     54:      href="http://dev.w3.org/2006/webapi/XMLHttpRequest/">http://dev.w3.org/2006/webapi/XMLHttpRequest/</a>
                     55: 
1.14      avankest   56:     <dt>Previous Versions:
1.2       avankest   57: 
                     58:     <dd><a
1.233     avankest   59:      href="http://www.w3.org/TR/2009/WD-XMLHttpRequest-20090820/">http://www.w3.org/TR/2009/WD-XMLHttpRequest-20090820/</a>
                     60: 
                     61:     <dd><a
1.174     avankest   62:      href="http://www.w3.org/TR/2008/WD-XMLHttpRequest-20080415/">http://www.w3.org/TR/2008/WD-XMLHttpRequest-20080415/</a>
                     63: 
                     64:     <dd><a
1.155     avankest   65:      href="http://www.w3.org/TR/2007/WD-XMLHttpRequest-20071026/">http://www.w3.org/TR/2007/WD-XMLHttpRequest-20071026/</a>
                     66: 
                     67:     <dd><a
1.134     avankest   68:      href="http://www.w3.org/TR/2007/WD-XMLHttpRequest-20070618/">http://www.w3.org/TR/2007/WD-XMLHttpRequest-20070618/</a>
                     69: 
                     70:     <dd><a
1.60      avankest   71:      href="http://www.w3.org/TR/2007/WD-XMLHttpRequest-20070227/">http://www.w3.org/TR/2007/WD-XMLHttpRequest-20070227/</a>
                     72: 
                     73:     <dd><a
1.25      avankest   74:      href="http://www.w3.org/TR/2006/WD-XMLHttpRequest-20060927/">http://www.w3.org/TR/2006/WD-XMLHttpRequest-20060927/</a>
                     75: 
                     76:     <dd><a
1.2       avankest   77:      href="http://www.w3.org/TR/2006/WD-XMLHttpRequest-20060619/">http://www.w3.org/TR/2006/WD-XMLHttpRequest-20060619/</a>
                     78: 
                     79:     <dd><a
                     80:      href="http://www.w3.org/TR/2006/WD-XMLHttpRequest-20060405/">http://www.w3.org/TR/2006/WD-XMLHttpRequest-20060405/</a>
                     81: 
                     82:     <dt>Editor:
                     83: 
                     84:     <dd><a href="http://annevankesteren.nl/">Anne van Kesteren</a> (<a
                     85:      href="http://www.opera.com/">Opera Software ASA</a>) &lt;<a
                     86:      href="mailto:annevk@opera.com">annevk@opera.com</a>&gt;
1.1       avankest   87:    </dl>
1.2       avankest   88: 
1.25      avankest   89:    <p class=copyright><a
1.2       avankest   90:     href="http://www.w3.org/Consortium/Legal/ipr-notice#Copyright">Copyright</a>
1.231     avankest   91:     &copy; 2009 <a href="http://www.w3.org/"><acronym title="World Wide Web
1.53      avankest   92:     Consortium">W3C</acronym></a><sup>&reg;</sup> (<a
                     93:     href="http://www.csail.mit.edu/"><acronym title="Massachusetts Institute
                     94:     of Technology">MIT</acronym></a>, <a
                     95:     href="http://www.ercim.org/"><acronym title="European Research Consortium
                     96:     for Informatics and Mathematics">ERCIM</acronym></a>, <a
1.2       avankest   97:     href="http://www.keio.ac.jp/">Keio</a>), All Rights Reserved. W3C <a
                     98:     href="http://www.w3.org/Consortium/Legal/ipr-notice#Legal_Disclaimer">liability</a>,
                     99:     <a
                    100:     href="http://www.w3.org/Consortium/Legal/ipr-notice#W3C_Trademarks">trademark</a>
                    101:     and <a
                    102:     href="http://www.w3.org/Consortium/Legal/copyright-documents">document
                    103:     use</a> rules apply.</p>
1.1       avankest  104:   </div>
1.2       avankest  105: 
                    106:   <hr>
                    107: 
1.25      avankest  108:   <h2 class="no-num no-toc" id=specabstract>Abstract</h2>
1.2       avankest  109: 
1.231     avankest  110:   <p>The XMLHttpRequest specification defines an API that provides scripted
                    111:    client functionality for transferring data between a client and a server.
1.25      avankest  112: 
                    113:   <h2 class="no-num no-toc" id=sotd>Status of this Document</h2>
1.2       avankest  114: 
                    115:   <p><em>This section describes the status of this document at the time of
                    116:    its publication. Other documents may supersede this document. A list of
                    117:    current W3C publications and the latest revision of this technical report
                    118:    can be found in the <a href="http://www.w3.org/TR/">W3C technical reports
1.173     avankest  119:    index</a> at http://www.w3.org/TR/.</em>
1.2       avankest  120: 
1.270   ! avankest  121:   <p>This is the 10 May 2010 <!--Last Call Working Draft-->Editor's Draft of
        !           122:    XMLHttpRequest. Please send comments to <a
1.250     avankest  123:    href="mailto:public-webapps@w3.org?subject=[XHR]%20">public-webapps@w3.org</a>
                    124:    (<a
1.209     avankest  125:    href="http://lists.w3.org/Archives/Public/public-webapps/">archived</a>)
1.250     avankest  126:    with <samp>[XHR]</samp> at the start of the subject line.
1.49      avankest  127: 
                    128:   <p>This document is produced by the <a
1.209     avankest  129:    href="http://www.w3.org/2008/webapps/">Web Applications</a> (WebApps)
1.250     avankest  130:    Working Group. The WebApps Working Group is part of the <a
1.209     avankest  131:    href="http://www.w3.org/2006/rwc/Activity">Rich Web Clients Activity</a>
                    132:    in the W3C <a href="http://www.w3.org/Interaction/">Interaction
1.250     avankest  133:    Domain</a>.
1.2       avankest  134: 
                    135:   <p>This document was produced by a group operating under the <a
                    136:    href="http://www.w3.org/Consortium/Patent-Policy-20040205/">5 February
1.54      avankest  137:    2004 W3C Patent Policy</a>. W3C maintains a <a
1.209     avankest  138:    href="http://www.w3.org/2004/01/pp-impl/42538/status"
1.25      avankest  139:    rel=disclosure>public list of any patent disclosures</a> made in
1.2       avankest  140:    connection with the deliverables of the group; that page also includes
                    141:    instructions for disclosing a patent. An individual who has actual
                    142:    knowledge of a patent which the individual believes contains <a
                    143:    href="http://www.w3.org/Consortium/Patent-Policy-20040205/#def-essential">Essential
                    144:    Claim(s)</a> must disclose the information in accordance with <a
                    145:    href="http://www.w3.org/Consortium/Patent-Policy-20040205/#sec-Disclosure">section
                    146:    6 of the W3C Patent Policy</a>.
                    147: 
1.250     avankest  148:   <p>Publication as a Working Draft does not imply endorsement by the W3C
                    149:    Membership. This is a draft document and may be updated, replaced or
                    150:    obsoleted by other documents at any time. It is inappropriate to cite this
                    151:    document as other than work in progress.
                    152: 
1.25      avankest  153:   <h2 class="no-num no-toc" id=toc>Table of Contents</h2>
1.2       avankest  154:   <!--begin-toc-->
                    155: 
1.25      avankest  156:   <ul class=toc>
1.248     avankest  157:    <li><a href="#introduction"><span class=secno>1. </span>Introduction</a>
1.154     avankest  158: 
1.250     avankest  159:    <li><a href="#conformance"><span class=secno>2. </span>Conformance
                    160:     Criteria</a>
1.25      avankest  161:     <ul class=toc>
1.248     avankest  162:      <li><a href="#dependencies"><span class=secno>2.1.
1.154     avankest  163:       </span>Dependencies</a>
1.2       avankest  164: 
1.248     avankest  165:      <li><a href="#terminology"><span class=secno>2.2. </span>Terminology</a>
                    166:       
1.81      avankest  167: 
1.248     avankest  168:      <li><a href="#extensibility"><span class=secno>2.3.
1.154     avankest  169:       </span>Extensibility</a>
                    170:     </ul>
1.81      avankest  171: 
1.250     avankest  172:    <li><a href="#the-xmlhttprequest-interface"><span class=secno>3.
1.248     avankest  173:     </span>The <code title="">XMLHttpRequest</code> Interface</a>
1.25      avankest  174:     <ul class=toc>
1.250     avankest  175:      <li><a href="#origin-and-base-url"><span class=secno>3.1. </span>Origin
1.205     avankest  176:       and Base URL</a>
1.33      avankest  177: 
1.250     avankest  178:      <li><a href="#task-sources"><span class=secno>3.2. </span>Task
1.205     avankest  179:       Sources</a>
                    180: 
1.250     avankest  181:      <li><a href="#constructors"><span class=secno>3.3.
1.213     avankest  182:       </span>Constructors</a>
1.205     avankest  183: 
1.250     avankest  184:      <li><a href="#event-handler-attributes"><span class=secno>3.4.
1.207     avankest  185:       </span>Event Handler Attributes</a>
1.205     avankest  186: 
1.250     avankest  187:      <li><a href="#states"><span class=secno>3.5. </span>States</a>
1.205     avankest  188: 
1.250     avankest  189:      <li><a href="#request"><span class=secno>3.6. </span>Request</a>
1.205     avankest  190:       <ul class=toc>
1.250     avankest  191:        <li><a href="#the-open-method"><span class=secno>3.6.1. </span>The
1.205     avankest  192:         <code title="">open()</code> method</a>
                    193: 
1.250     avankest  194:        <li><a href="#the-setrequestheader-method"><span class=secno>3.6.2.
1.205     avankest  195:         </span>The <code title="">setRequestHeader()</code> method</a>
                    196: 
1.250     avankest  197:        <li><a href="#the-send-method"><span class=secno>3.6.3. </span>The
1.205     avankest  198:         <code title="">send()</code> method</a>
                    199: 
1.214     avankest  200:        <li><a href="#infrastructure-for-the-send-method"><span
1.250     avankest  201:         class=secno>3.6.4. </span>Infrastructure for the <code
1.214     avankest  202:         title="">send()</code> method</a>
                    203: 
1.250     avankest  204:        <li><a href="#the-abort-method"><span class=secno>3.6.5. </span>The
1.205     avankest  205:         <code title="">abort()</code> method</a>
                    206:       </ul>
                    207: 
1.250     avankest  208:      <li><a href="#response"><span class=secno>3.7. </span>Response</a>
1.205     avankest  209:       <ul class=toc>
1.250     avankest  210:        <li><a href="#the-status-attribute"><span class=secno>3.7.1.
1.248     avankest  211:         </span>The <code title="">status</code> attribute</a>
1.205     avankest  212: 
1.250     avankest  213:        <li><a href="#the-statustext-attribute"><span class=secno>3.7.2.
1.205     avankest  214:         </span>The <code title="">statusText</code> attribute</a>
                    215: 
1.250     avankest  216:        <li><a href="#the-getresponseheader-method"><span class=secno>3.7.3.
1.205     avankest  217:         </span>The <code title="">getResponseHeader()</code> method</a>
                    218: 
                    219:        <li><a href="#the-getallresponseheaders-method"><span
1.250     avankest  220:         class=secno>3.7.4. </span>The <code
1.205     avankest  221:         title="">getAllResponseHeaders()</code> method</a>
                    222: 
1.250     avankest  223:        <li><a href="#response-entity-body0"><span class=secno>3.7.5.
1.205     avankest  224:         </span>Response Entity Body</a>
                    225: 
1.250     avankest  226:        <li><a href="#the-responsetext-attribute"><span class=secno>3.7.6.
1.205     avankest  227:         </span>The <code title="">responseText</code> attribute</a>
                    228: 
1.250     avankest  229:        <li><a href="#the-responsexml-attribute"><span class=secno>3.7.7.
1.205     avankest  230:         </span>The <code title="">responseXML</code> attribute</a>
                    231:       </ul>
1.242     avankest  232:     </ul>
1.205     avankest  233: 
1.250     avankest  234:    <li><a href="#exceptions"><span class=secno>4. </span>Exceptions</a>
1.2       avankest  235: 
1.31      avankest  236:    <li class=no-num><a href="#notcovered">Not in this Specification</a>
                    237: 
1.250     avankest  238:    <li class=no-num><a href="#references">References</a>
1.2       avankest  239: 
1.131     avankest  240:    <li class=no-num><a href="#acknowledgments">Acknowledgments</a>
1.2       avankest  241:   </ul>
                    242:   <!--end-toc-->
                    243: 
1.248     avankest  244:   <h2 id=introduction><span class=secno>1. </span>Introduction</h2>
1.2       avankest  245: 
                    246:   <p><em>This section is non-normative.</em>
                    247: 
1.270   ! avankest  248:   <p>The <a href="#xmlhttprequest"><code>XMLHttpRequest</code></a> object
1.225     avankest  249:    implements an interface exposed by a scripting engine that allows scripts
                    250:    to perform HTTP client functionality, such as submitting form data or
                    251:    loading data from a server. It is the ECMAScript HTTP API.
1.2       avankest  252: 
1.270   ! avankest  253:   <p>The name of the object is <a
        !           254:    href="#xmlhttprequest"><code>XMLHttpRequest</code></a> for compatibility
        !           255:    with the Web, though each component of this name is potentially
        !           256:    misleading. First, the object supports any text based format, including
        !           257:    XML. Second, it can be used to make requests over both HTTP and HTTPS
        !           258:    (some implementations support protocols in addition to HTTP and HTTPS, but
        !           259:    that functionality is not covered by this specification). Finally, it
        !           260:    supports "requests" in a broad sense of the term as it pertains to HTTP;
        !           261:    namely all activity involved with HTTP requests or responses for the
        !           262:    defined HTTP methods.
1.2       avankest  263: 
1.25      avankest  264:   <div class=example>
1.18      avankest  265:    <p>Some simple code to do something with data from an XML document fetched
                    266:     over the network:</p>
                    267: 
1.60      avankest  268:    <pre><code>function test(data) {
1.18      avankest  269:  // taking care of data
                    270: }
                    271: 
                    272: function handler() {
1.118     avankest  273:  if(this.readyState == 4 &amp;&amp; this.status == 200) {
1.18      avankest  274:   // so far so good
1.118     avankest  275:   if(this.responseXML != null &amp;&amp; this.responseXML.getElementById('test').firstChild.data)
                    276:      // success!
1.18      avankest  277:    test(this.responseXML.getElementById('test').firstChild.data);
                    278:   else
                    279:    test(null);
1.118     avankest  280:  } else if (this.readyState == 4 &amp;&amp; this.status != 200) {
1.18      avankest  281:   // fetched the wrong page or network error...
                    282:   test(null);
                    283:  }
                    284: }
                    285: 
                    286: var client = new XMLHttpRequest();
                    287: client.onreadystatechange = handler;
1.252     avankest  288: client.open("GET", "unicorn.xml");
1.60      avankest  289: client.send();</code></pre>
1.18      avankest  290: 
1.58      avankest  291:    <p>If you just want to log a message to the server:</p>
1.18      avankest  292: 
1.60      avankest  293:    <pre><code>function log(message) {
1.18      avankest  294:  var client = new XMLHttpRequest();
1.58      avankest  295:  client.open("POST", "/log");
1.59      avankest  296:  client.setRequestHeader("Content-Type", "text/plain;charset=UTF-8");
1.18      avankest  297:  client.send(message);
1.60      avankest  298: }</code></pre>
1.18      avankest  299: 
                    300:    <p>Or if you want to check the status of a document on the server:</p>
                    301: 
1.60      avankest  302:    <pre><code>function fetchStatus(address) {
1.18      avankest  303:  var client = new XMLHttpRequest();
                    304:  client.onreadystatechange = function() {
                    305:   // in case of network errors this might not give reliable results
                    306:   if(this.readyState == 4)
                    307:    returnStatus(this.status);
                    308:  }
                    309:  client.open("HEAD", address);
                    310:  client.send();
1.60      avankest  311: }</code></pre>
1.18      avankest  312:   </div>
1.2       avankest  313: 
1.250     avankest  314:   <h2 id=conformance><span class=secno>2. </span>Conformance Criteria</h2>
1.2       avankest  315: 
1.29      avankest  316:   <p>Everything in this specification is normative except for diagrams,
1.2       avankest  317:    examples, notes and sections marked non-normative.
                    318: 
1.25      avankest  319:   <p>The key words <em class=ct>must</em>, <em class=ct>must not</em>, <em
1.261     avankest  320:    class=ct>should</em>, <em class=ct>should not</em>, and <em
                    321:    class=ct>may</em> in this document are to be interpreted as described in
                    322:    RFC 2119. [<cite><a href="#ref-rfc2119">RFC2119</a></cite>]
1.2       avankest  323: 
                    324:   <p>This specification defines the following classes of products:
                    325: 
                    326:   <dl>
1.75      avankest  327:    <dt><dfn id=conforming-user-agent>Conforming user agent</dfn>
1.2       avankest  328: 
1.75      avankest  329:    <dd>
                    330:     <p>A user agent <em class=ct>must</em> behave as described in this
1.107     avankest  331:      specification in order to be considered conformant.</p>
1.75      avankest  332: 
1.226     avankest  333:     <p>If the user agent is not a <a
1.250     avankest  334:      href="#conforming-xml-user-agent">conforming XML user agent</a> the
                    335:      <span>XML response entity body</span> <em class=ct>must</em> (always) be
                    336:      null.</p>
1.141     avankest  337: 
                    338:     <p>User agents <em class=ct>may</em> implement algorithms given in this
                    339:      specification in any way desired, so long as the end result is
                    340:      indistinguishable from the result that would be obtained by the
                    341:      specification's algorithms.</p>
1.2       avankest  342: 
1.96      avankest  343:     <p class=note>This specification uses both the terms "conforming user
                    344:      agent(s)" and "user agent(s)" to refer to this product class.</p>
                    345: 
1.95      avankest  346:    <dt><dfn id=conforming-xml-user-agent>Conforming XML user agent</dfn>
                    347: 
                    348:    <dd>
1.164     avankest  349:     <p>An XML user agent <em class=ct>must</em> be a <a
                    350:      href="#conforming-user-agent">conforming user agent</a> and <em
                    351:      class=ct>must</em> be a conforming XML processor that reports violations
                    352:      of namespace well-formedness. [<cite><a href="#ref-xml">XML</a></cite>]
1.2       avankest  353:   </dl>
                    354: 
1.248     avankest  355:   <h3 id=dependencies><span class=secno>2.1. </span>Dependencies</h3>
1.2       avankest  356: 
1.31      avankest  357:   <p>This specification relies on several underlying specifications.
1.2       avankest  358: 
1.31      avankest  359:   <dl>
                    360:    <dt>DOM
1.2       avankest  361: 
1.31      avankest  362:    <dd>
1.127     avankest  363:     <p>A <a href="#conforming-user-agent" title="conforming user
1.177     avankest  364:      agent">conforming user agent</a> <em class=ct>must</em> support at least
                    365:      the subset of the functionality defined in DOM Events and DOM Core that
1.183     avankest  366:      this specification relies upon, such as various exceptions and
                    367:      <code>EventTarget</code>. [<cite><a
1.156     avankest  368:      href="#ref-dom2events">DOM2Events</a></cite>] [<cite><a
                    369:      href="#ref-dom3core">DOM3Core</a></cite>]
1.2       avankest  370: 
1.252     avankest  371:    <dt>HTML5
1.162     avankest  372: 
                    373:    <dd>
1.183     avankest  374:     <p>A <a href="#conforming-user-agent">conforming user agent</a> <em
1.190     avankest  375:      class=ct>must</em> support at least the subset of the functionality
1.252     avankest  376:      defined in HTML5 that this specification relies upon, such as the basics
                    377:      of the <code>Window</code> object and serializing a
1.198     avankest  378:      <code>Document</code> object. [<cite><a
                    379:      href="#ref-html5">HTML5</a></cite>]</p>
1.190     avankest  380: 
1.162     avankest  381:     <p class=note>The <a
                    382:      href="http://www.w3.org/TR/2006/WD-Window-20060407/">Window Object
                    383:      1.0</a> draft is not referenced normatively as it appears to be no
1.252     avankest  384:      longer maintained and HTML5 defines the <code>Window</code> object in
                    385:      more detail. This specification already depends on HTML5 for other
                    386:      reasons so there is not much additional overhead because of this.</p>
1.162     avankest  387: 
1.31      avankest  388:    <dt>HTTP
1.11      avankest  389: 
1.31      avankest  390:    <dd>
1.250     avankest  391:     <p>A <a href="#conforming-user-agent" title="conforming user
                    392:      agent">conforming user agent</a> <em class=ct>must</em> support some
                    393:      version of the HTTP protocol. Requirements regarding HTTP are made
                    394:      throughout the specification. [<cite><a
                    395:      href="#rfc-rfc2616">RFC2616</a></cite>]
1.182     avankest  396: 
                    397:    <dt>Web IDL
                    398: 
1.250     avankest  399:    <dd>
                    400:     <p>A <a href="#conforming-user-agent">conforming user agent</a> <em
                    401:      class=ct>must</em> also be a conforming implementation of the IDL
                    402:      fragments in this specification, as described in the Web IDL
                    403:      specification. [<cite><a href="#ref-webidl">WebIDL</a></cite>]
1.31      avankest  404:   </dl>
1.2       avankest  405: 
1.248     avankest  406:   <h3 id=terminology><span class=secno>2.2. </span>Terminology</h3>
1.211     avankest  407: 
1.235     avankest  408:   <p><dfn id=dfn-obtain-unicode>convert a DOMString to a sequence of Unicode
                    409:    characters</dfn> is defined by the Web IDL specification. [<cite><a
                    410:    href="#ref-webidl">WebIDL</a></cite>]
                    411: 
1.259     avankest  412:   <p>The terms and algorithms <dfn
                    413:    id=url-fragment><code>&lt;fragment></code></dfn>, <dfn
                    414:    id=url-scheme><code>&lt;scheme></code></dfn>, <dfn
1.268     avankest  415:    id=cookie-free-document-object>cookie-free <code>Document</code>
                    416:    object</dfn>, <dfn id=document-base-url>document base URL</dfn>, <dfn
1.259     avankest  417:    id=document-character-encoding>document's character encoding</dfn>, <dfn
                    418:    id=event-handler-attributes-0>event handler attributes</dfn>, <dfn
                    419:    id=event-handler-event-type>event handler event type</dfn>, <dfn
1.262     avankest  420:    id=fetch>fetch</dfn>, <dfn id=fully-active>fully active</dfn>, <dfn
1.227     avankest  421:    id=function><code>Function</code></dfn>, <dfn id=dom-innerhtml
                    422:    title=dom-innerHTML><code>innerHTML</code></dfn>, <dfn
1.234     avankest  423:    id=origin>origin</dfn>, <dfn id=preferred-mime-name>preferred MIME
                    424:    name</dfn>, <dfn id=resolve-a-url>resolve a URL</dfn>, <dfn
1.227     avankest  425:    id=same-origin>same origin</dfn>, <dfn id=storage-mutex>storage
                    426:    mutex</dfn>, <dfn id=task>task</dfn>, <dfn id=task-source>task
1.254     avankest  427:    source</dfn>, <dfn id=task-queues>task queues</dfn>, <dfn
                    428:    id=url>URL</dfn>, <dfn id=url-character-encoding>URL character
                    429:    encoding</dfn>, <dfn id=queue-a-task>queue a task</dfn>, and <dfn
                    430:    id=valid-mime-type>valid MIME type</dfn> are defined by the HTML5
1.252     avankest  431:    specification. [<cite><a href="#ref-html5">HTML5</a></cite>]
1.205     avankest  432: 
                    433:   <p>The term <dfn id=entity-body>entity body</dfn> is used as described in
                    434:    RFC 2616. <dfn id=method-token>Method token</dfn> is used as described in
                    435:    section 5.1.1 of RFC 2616. <dfn
                    436:    id=field-name><code>field-name</code></dfn> and <dfn
                    437:    id=field-value><code>field-value</code></dfn> are used as described in
1.250     avankest  438:    section 4.2 of RFC 2616. [<cite><a href="#rfc-rfc2616">RFC2616</a></cite>]
1.205     avankest  439: 
1.260     avankest  440:   <p>To <dfn id=deflate-a-domstring-into-a-byte-sequence>deflate a DOMString
                    441:    into a byte sequence</dfn> means to create a sequence of bytes such that
                    442:    the <var title="">n</var>th byte of the sequence is equal to the low-order
                    443:    byte of the <var title="">n</var>th code point in the original DOMString.
                    444: 
                    445:   <p>To <dfn id=inflate-a-byte-sequence-into-a-domstring>inflate a byte
                    446:    sequence into a DOMString</dfn> means to create a DOMString such that the
                    447:    <var title="">n</var>th code point has 0x00 as the high-order byte and the
                    448:    <var title="">n</var>th byte of the byte sequence as the low-order byte.
1.258     avankest  449: 
1.205     avankest  450:   <p><dfn id=userinfo><code>userinfo</code></dfn> is used as described in
                    451:    section 3.2.1 of RFC 3986. [<cite><a
                    452:    href="#ref-rfc3986">RFC3986</a></cite>]
                    453: 
                    454:   <p>To <dfn id=dispatch-readystatechange-event>dispatch a
                    455:    <code>readystatechange</code> event</dfn> means that an event with the
1.234     avankest  456:    name <code>readystatechange</code>, which does not bubble and is not
                    457:    cancelable, and which uses the <code>Event</code> interface, is to be
1.270   ! avankest  458:    dispatched at the <a
        !           459:    href="#xmlhttprequest"><code>XMLHttpRequest</code></a> object.
1.156     avankest  460: 
1.248     avankest  461:   <h3 id=extensibility><span class=secno>2.3. </span>Extensibility</h3>
1.2       avankest  462: 
1.252     avankest  463:   <p>User agents, Working Groups, and other interested parties are
                    464:    <em>strongly encouraged</em> to discuss extensions on a relevant public
                    465:    forum, preferably <a
                    466:    href="mailto:public-webapps@w3.org">public-webapps@w3.org</a>. If this is
                    467:    for some reason not possible prefix the extension in some way and start
                    468:    the prefix with an uppercase letter. E.g. if company Foo wants to add a
                    469:    private method <code>bar()</code> it could be named <code>FooBar()</code>
                    470:    to prevent clashes with a potential future standardized
                    471:    <code>bar()</code>.
1.2       avankest  472: 
1.250     avankest  473:   <h2 id=the-xmlhttprequest-interface><span class=secno>3. </span>The <code
1.225     avankest  474:    title="">XMLHttpRequest</code> Interface</h2>
1.2       avankest  475: 
1.270   ! avankest  476:   <p>The <a href="#xmlhttprequest"><code>XMLHttpRequest</code></a> object can
1.225     avankest  477:    be used by scripts to programmatically connect to their originating server
                    478:    via HTTP.
1.2       avankest  479: 
1.230     avankest  480:   <pre class=idl>[NoInterfaceObject]
                    481: interface <dfn id=xmlhttprequesteventtarget>XMLHttpRequestEventTarget</dfn> : EventTarget {
                    482:   // for future use
                    483: };
                    484: 
1.242     avankest  485: [<a href="#dom-xmlhttprequest" title=dom-XMLHttpRequest>Constructor</a>]
1.230     avankest  486: interface <dfn id=xmlhttprequest>XMLHttpRequest</dfn> : <a href="#xmlhttprequesteventtarget">XMLHttpRequestEventTarget</a> {
1.208     avankest  487:   // <a href="#event-handler-attributes">event handler attributes</a>
                    488:            attribute <a href="#function">Function</a> <a href="#onreadystatechange">onreadystatechange</a>;
1.60      avankest  489: 
1.208     avankest  490:   // <a href="#states">states</a>
1.135     avankest  491:   const unsigned short <a href="#unsent-state" title="UNSENT state">UNSENT</a> = 0;
                    492:   const unsigned short <a href="#opened-state" title="OPENED state">OPENED</a> = 1;
1.132     avankest  493:   const unsigned short <a href="#headers-received-state" title="HEADERS_RECEIVED state">HEADERS_RECEIVED</a> = 2;
                    494:   const unsigned short <a href="#loading-state" title="LOADING state">LOADING</a> = 3;
                    495:   const unsigned short <a href="#done-state" title="DONE state">DONE</a> = 4;
                    496:   readonly attribute unsigned short <a href="#readystate">readyState</a>;
1.60      avankest  497: 
1.207     avankest  498:   // <a href="#request">request</a>
1.228     avankest  499:   void <a href="#open">open</a>(DOMString <var>method</var>, DOMString <var title="">url</var>);
                    500:   void <a href="#open">open</a>(DOMString <var>method</var>, DOMString <var title="">url</var>, boolean <var>async</var>);
1.230     avankest  501:   void <a href="#open">open</a>(DOMString <var>method</var>, DOMString <var title="">url</var>, boolean <var>async</var>, DOMString? <var>user</var>);
                    502:   void <a href="#open">open</a>(DOMString <var>method</var>, DOMString <var title="">url</var>, boolean <var>async</var>, DOMString? <var>user</var>, DOMString? <var>password</var>);
1.228     avankest  503:   void <a href="#setrequestheader">setRequestHeader</a>(DOMString <var>header</var>, DOMString <var>value</var>);
1.132     avankest  504:   void <a href="#send">send</a>();
1.228     avankest  505:   void <a href="#send">send</a>(Document <var>data</var>);
1.230     avankest  506:   void <a href="#send">send</a>([AllowAny] DOMString? <var>data</var>);
1.132     avankest  507:   void <a href="#abort">abort</a>();
1.60      avankest  508: 
1.207     avankest  509:   // <a href="#response">response</a>
1.205     avankest  510:   readonly attribute unsigned short <a href="#status">status</a>;
                    511:   readonly attribute DOMString <a href="#statustext">statusText</a>;
1.228     avankest  512:   DOMString <a href="#getresponseheader">getResponseHeader</a>(DOMString <var>header</var>);
1.132     avankest  513:   DOMString <a href="#getallresponseheaders">getAllResponseHeaders</a>();
                    514:   readonly attribute DOMString <a href="#responsetext">responseText</a>;
                    515:   readonly attribute Document <a href="#responsexml">responseXML</a>;
1.230     avankest  516: };</pre>
1.237     avankest  517:   <!-- XXX domintro boxes; HTML5-style -->
1.2       avankest  518: 
1.250     avankest  519:   <h3 id=origin-and-base-url><span class=secno>3.1. </span>Origin and Base
1.248     avankest  520:    URL</h3>
1.205     avankest  521: 
1.270   ! avankest  522:   <p>Each <a href="#xmlhttprequest"><code>XMLHttpRequest</code></a> object
1.225     avankest  523:    has an associated <dfn
1.205     avankest  524:    id=xmlhttprequest-origin><code>XMLHttpRequest</code> origin</dfn> and an
                    525:    <dfn id=xmlhttprequest-base-url><code>XMLHttpRequest</code> base
                    526:    URL</dfn>.
                    527: 
                    528:   <p>This specification defines their values when the global object is
1.270   ! avankest  529:    represented by the <code>Window</code> object. When the <a
        !           530:    href="#xmlhttprequest"><code>XMLHttpRequest</code></a> object is used in
        !           531:    other contexts their values will have to be defined as appropriate for
        !           532:    that context. That is considered to be out of scope for this
        !           533:    specification.
1.205     avankest  534: 
                    535:   <p>In environments where the global object is represented by the
1.270   ! avankest  536:    <code>Window</code> object the <a
        !           537:    href="#xmlhttprequest"><code>XMLHttpRequest</code></a> object has an
        !           538:    associated <dfn id=xmlhttprequest-document><code>XMLHttpRequest</code>
1.205     avankest  539:    <code>Document</code></dfn> which is the <code>Document</code> object
1.270   ! avankest  540:    associated with the <code>Window</code> object for which the <a
        !           541:    href="#xmlhttprequest"><code>XMLHttpRequest</code></a> interface object
        !           542:    was created.
1.205     avankest  543: 
                    544:   <p class=note>The <a
                    545:    href="#xmlhttprequest-document"><code>XMLHttpRequest</code>
                    546:    <code>Document</code></a> is used to determine the <a
                    547:    href="#xmlhttprequest-origin"><code>XMLHttpRequest</code> origin</a> and
                    548:    <a href="#xmlhttprequest-base-url"><code>XMLHttpRequest</code> base
1.245     avankest  549:    URL</a> at a later stage.
1.205     avankest  550: 
1.250     avankest  551:   <h3 id=task-sources><span class=secno>3.2. </span>Task Sources</h3>
1.205     avankest  552: 
1.253     avankest  553:   <p>The <a href="#task-source">task source</a> used by this specification is
                    554:    the <dfn id=xmlhttprequest-task-source><code>XMLHttpRequest</code> task
                    555:    source</dfn>.
1.205     avankest  556: 
1.250     avankest  557:   <h3 id=constructors><span class=secno>3.3. </span>Constructors</h3>
1.205     avankest  558: 
1.242     avankest  559:   <p>When the <dfn id=dom-xmlhttprequest title=dom-XMLHttpRequest><code
                    560:    title="">XMLHttpRequest()</code></dfn> constructor is invoked, the user
1.270   ! avankest  561:    agent <em class=ct>must</em> return a new <a
        !           562:    href="#xmlhttprequest"><code>XMLHttpRequest</code></a> object.
1.205     avankest  563: 
1.250     avankest  564:   <h3 id=event-handler-attributes><span class=secno>3.4. </span>Event Handler
1.207     avankest  565:    Attributes</h3>
                    566: 
                    567:   <p>The following is the <a href="#event-handler-attributes-0" title="event
                    568:    handler attributes">event handler attribute</a> (and its corresponding <a
                    569:    href="#event-handler-event-type">event handler event type</a>) that <em
1.270   ! avankest  570:    class=ct>must</em> be supported as DOM attribute by the <a
        !           571:    href="#xmlhttprequest"><code>XMLHttpRequest</code></a> object:
1.207     avankest  572: 
                    573:   <table>
                    574:    <thead>
                    575:     <tr>
                    576:      <th><a href="#event-handler-attributes-0" title="event handler
                    577:       attributes">event handler attribute</a>
                    578: 
                    579:      <th><a href="#event-handler-event-type">event handler event type</a>
                    580: 
                    581:    <tbody>
                    582:     <tr>
                    583:      <td><dfn id=onreadystatechange><code>onreadystatechange</code></dfn>
                    584: 
                    585:      <td><code>readystatechange</code>
                    586:   </table>
                    587: 
1.250     avankest  588:   <h3 id=states><span class=secno>3.5. </span>States</h3>
1.205     avankest  589: 
1.270   ! avankest  590:   <p>The <a href="#xmlhttprequest"><code>XMLHttpRequest</code></a> object can
1.225     avankest  591:    be in several states. The <dfn id=readystate><code>readyState</code></dfn>
                    592:    attribute, on getting, <em class=ct>must</em> return the current state,
                    593:    which <em class=ct>must</em> be one of the following values:
1.205     avankest  594: 
                    595:   <dl>
                    596:    <dt><dfn id=unsent-state title="UNSENT state"><code>UNSENT</code></dfn>
                    597:     (numeric value 0)
1.125     avankest  598: 
1.205     avankest  599:    <dd>
                    600:     <p>The object has been constructed.
                    601: 
                    602:    <dt><dfn id=opened-state title="OPENED state"><code>OPENED</code></dfn>
                    603:     (numeric value 1)
                    604: 
                    605:    <dd>
1.270   ! avankest  606:     <p>The <a href="#open"><code>open()</code></a> method has been
1.205     avankest  607:      successfully invoked. During this state request headers can be set using
1.270   ! avankest  608:      <a href="#setrequestheader"><code>setRequestHeader()</code></a> and the
        !           609:      request can be made using the <a href="#send"><code>send()</code></a>
1.205     avankest  610:      method.
1.89      avankest  611: 
1.205     avankest  612:    <dt><dfn id=headers-received-state title="HEADERS_RECEIVED
                    613:     state"><code>HEADERS_RECEIVED</code></dfn> (numeric value 2)
1.89      avankest  614: 
1.205     avankest  615:    <dd>
1.259     avankest  616:     <p>All redirects (if any) have been followed and all HTTP headers of the
                    617:      final response have been received. Several response members of the
1.205     avankest  618:      object are now available.
1.91      avankest  619: 
1.205     avankest  620:    <dt><dfn id=loading-state title="LOADING state"><code>LOADING</code></dfn>
                    621:     (numeric value 3)
1.112     avankest  622: 
1.205     avankest  623:    <dd>
                    624:     <p>The <a href="#response-entity-body">response entity body</a> is being
                    625:      received.
1.91      avankest  626: 
1.205     avankest  627:    <dt><dfn id=done-state title="DONE state"><code>DONE</code></dfn> (numeric
                    628:     value 4)
1.119     avankest  629: 
1.205     avankest  630:    <dd>
                    631:     <p>The data transfer has been completed or something went wrong during
                    632:      the transfer (e.g. infinite redirects).
                    633:   </dl>
1.116     avankest  634: 
1.205     avankest  635:   <p>The <a href="#opened-state" title="OPENED state">OPENED</a> state has an
                    636:    associated <dfn id=send-flag><code>send()</code> flag</dfn> that indicates
1.270   ! avankest  637:    whether the <a href="#send"><code>send()</code></a> method has been
1.205     avankest  638:    invoked. It can be either true or false and has an initial value of false.
                    639: 
                    640:   <p>The <a href="#done-state" title="DONE state">DONE</a> state has an
                    641:    associated <dfn id=error-flag>error flag</dfn> that indicates some type of
                    642:    network error or abortion. It can be either true or false and has an
                    643:    initial value of false.
                    644: 
1.250     avankest  645:   <h3 id=request><span class=secno>3.6. </span>Request</h3>
1.112     avankest  646: 
1.270   ! avankest  647:   <p>The <a href="#xmlhttprequest"><code>XMLHttpRequest</code></a> object
1.225     avankest  648:    holds the following request metadata variables:
1.112     avankest  649: 
1.206     avankest  650:   <dl>
                    651:    <dt>The <dfn id=asynchronous-flag>asynchronous flag</dfn>
                    652: 
                    653:    <dd>A flag that is either true or false that indicates whether the request
                    654:     is done asynchronously.
                    655: 
                    656:    <dt>The <dfn id=request-method>request method</dfn>
                    657: 
                    658:    <dd>The method used in the request.
                    659: 
                    660:    <dt>The <dfn id=request-url>request URL</dfn>
                    661: 
                    662:    <dd>The <a href="#url">URL</a> used in the request.
                    663: 
                    664:    <dt>The <dfn id=request-username>request username</dfn>
                    665: 
                    666:    <dd>The username used in the request or null if there is no username.
                    667: 
                    668:    <dt>The <dfn id=request-password>request password</dfn>
                    669: 
                    670:    <dd>The password used in the request or null if there is no password.
1.112     avankest  671: 
1.206     avankest  672:    <dt>The <dfn id=author-request-headers>author request headers</dfn>
1.112     avankest  673: 
1.206     avankest  674:    <dd>A list consisting of HTTP header name/value pairs to be used in the
                    675:     request.
1.112     avankest  676: 
1.206     avankest  677:    <dt>The <dfn id=request-entity-body>request entity body</dfn>
1.112     avankest  678: 
1.206     avankest  679:    <dd>The <a href="#entity-body">entity body</a> used in the request.
                    680:   </dl>
1.205     avankest  681: 
1.250     avankest  682:   <h4 id=the-open-method><span class=secno>3.6.1. </span>The <code
1.205     avankest  683:    title="">open()</code> method</h4>
                    684: 
                    685:   <p>When the <dfn id=open title=open><code>open(<var>method</var>, <var
                    686:    title="">url</var>, <var>async</var>, <var>user</var>,
                    687:    <var>password</var>)</code></dfn> method is invoked, the user agent <em
1.219     avankest  688:    class=ct>must</em> run these steps (unless otherwise indicated):
1.112     avankest  689: 
1.205     avankest  690:   <ol>
                    691:    <li>
1.270   ! avankest  692:     <p>If the <a href="#xmlhttprequest"><code>XMLHttpRequest</code></a>
1.225     avankest  693:      object has an associated <a
1.205     avankest  694:      href="#xmlhttprequest-document"><code>XMLHttpRequest</code>
                    695:      <code>Document</code></a> run these substeps:</p>
1.112     avankest  696: 
1.205     avankest  697:     <ol>
                    698:      <li>
                    699:       <p>If the <a
                    700:        href="#xmlhttprequest-document"><code>XMLHttpRequest</code>
                    701:        <code>Document</code></a> is not <a href="#fully-active">fully
                    702:        active</a> raise an <code>INVALID_STATE_ERR</code> exception and
                    703:        terminate the overall set of steps.
                    704: 
                    705:      <li>
                    706:       <p>Let <a href="#xmlhttprequest-base-url"><code>XMLHttpRequest</code>
                    707:        base URL</a> be the <a href="#document-base-url">document base URL</a>
                    708:        of the <a href="#xmlhttprequest-document"><code>XMLHttpRequest</code>
                    709:        <code>Document</code></a>.
                    710: 
                    711:      <li>
                    712:       <p>Let <a href="#xmlhttprequest-origin"><code>XMLHttpRequest</code>
                    713:        origin</a> be the <a href="#origin">origin</a> of the <a
                    714:        href="#xmlhttprequest-document"><code>XMLHttpRequest</code>
                    715:        <code>Document</code></a>.
                    716:     </ol>
1.112     avankest  717: 
                    718:    <li>
1.258     avankest  719:     <p>If any code point in <var>method</var> is higher than U+00FF LATIN
1.260     avankest  720:      SMALL LETTER Y WITH DIAERESIS or after <span title="deflate a DOMString
                    721:      into an byte sequence">deflating</span> <var>method</var> it does not
                    722:      match the <a href="#method-token">Method token</a> production raise a
                    723:      <code>SYNTAX_ERR</code> exception and terminate these steps. Otherwise
                    724:      let <var>method</var> be the result of <span title="deflate a DOMString
                    725:      into an byte sequence">deflating</span> <var>method</var>.
1.258     avankest  726:    </li>
                    727:    <!-- This sounds lame, but it works. -->
1.91      avankest  728: 
                    729:    <li>
1.258     avankest  730:     <p>If <var>method</var> is a case-insensitive match for
                    731:      <code>CONNECT</code>, <code>DELETE</code>, <code>GET</code>,
                    732:      <code>HEAD</code>, <code>OPTIONS</code>, <code>POST</code>,
                    733:      <code>PUT</code>, <code>TRACE</code>, or <code>TRACK</code> subtract
                    734:      0x20 from each byte in the range 0x61 (ASCII a) to 0x7A (ASCII z).</p>
1.205     avankest  735: 
                    736:     <p class=note>If it does not match any of the above, it is passed through
                    737:      <em>literally</em>, including in the final request.</p>
                    738:    </li>
                    739:    <!-- WebKit (and supposedly Gecko) also uppercase: COPY, INDEX, LOCK,
                    740:    M-POST, MKCOL, MOVE, PROPFIND, PROPPATCH, and UNLOCK. -->
1.89      avankest  741: 
1.205     avankest  742:    <li>
1.258     avankest  743:     <p>If <var>method</var> is a case-sensitive match for
1.261     avankest  744:      <code>CONNECT</code>, <code>TRACE</code>, or <code>TRACK</code> raise a
1.270   ! avankest  745:      <a href="#security-err"><code>SECURITY_ERR</code></a> exception and
1.261     avankest  746:      terminate these steps.</p>
1.164     avankest  747: 
1.205     avankest  748:     <p class=note>Allowing these methods poses a security risk. [<cite><a
                    749:      href="#ref-httpverbsec">HTTPVERBSEC</a></cite>]</p>
1.89      avankest  750: 
1.91      avankest  751:    <li>
1.205     avankest  752:     <p>Let <var title="">url</var> be a <a href="#url">URL</a>.
1.89      avankest  753: 
                    754:    <li>
1.205     avankest  755:     <p>Let <a href="#url-character-encoding">URL character encoding</a> of
                    756:      <var title="">url</var> be UTF-8.
1.89      avankest  757: 
                    758:    <li>
1.257     avankest  759:     <p><a href="#resolve-a-url" title="Resolve a URL">Resolve</a> <var
                    760:      title="">url</var> relative to the <a
1.205     avankest  761:      href="#xmlhttprequest-base-url"><code>XMLHttpRequest</code> base
                    762:      URL</a>. If the algorithm returns an error raise a
                    763:      <code>SYNTAX_ERR</code> exception and terminate these steps.
                    764:    </li>
                    765:    <!-- Presto and Gecko override the encoding. WebKit does not. Trident
                    766:    does not support non-ASCII URLs. This matters for the <query> component,
                    767:    see HTML5. -->
1.129     avankest  768: 
1.205     avankest  769:    <li>
1.270   ! avankest  770:     <p>Drop <a href="#url-fragment"><code>&lt;fragment></code></a> from <var
1.205     avankest  771:      title="">url</var>.
1.89      avankest  772: 
                    773:    <li>
1.270   ! avankest  774:     <p>If <var title="">url</var> contains an unsupported <a
        !           775:      href="#url-scheme"><code>&lt;scheme></code></a> raise a
1.205     avankest  776:      <code>NOT_SUPPORTED_ERR</code> and terminate these steps.
1.89      avankest  777: 
1.205     avankest  778:    <li>
1.270   ! avankest  779:     <p>If the <code>"user:password"</code> format in the <a
        !           780:      href="#userinfo"><code>userinfo</code></a> production is not supported
        !           781:      for the relevant scheme and <var title="">url</var> contains this format
        !           782:      raise a <code>SYNTAX_ERR</code> and terminate these steps.
1.2       avankest  783: 
1.205     avankest  784:    <li>
                    785:     <p>If <var title="">url</var> contains the <code>"user:password"</code>
                    786:      format let <var>temp user</var> be the user part and <var>temp
                    787:      password</var> be the password part.
1.2       avankest  788: 
1.205     avankest  789:    <li>
                    790:     <p>If <var title="">url</var> just contains the <code>"user"</code>
                    791:      format let <var>temp user</var> be the user part.
1.2       avankest  792: 
1.205     avankest  793:    <li>
                    794:     <p>If the <a href="#origin">origin</a> of <var title="">url</var> is not
                    795:      <a href="#same-origin">same origin</a> with the <a
1.261     avankest  796:      href="#xmlhttprequest-origin"><code>XMLHttpRequest</code> origin</a>
1.270   ! avankest  797:      raise a <a href="#security-err"><code>SECURITY_ERR</code></a> exception
1.261     avankest  798:      and terminate these steps.
1.2       avankest  799: 
1.205     avankest  800:    <li>
                    801:     <p>Let <var>async</var> be the value of the <var>async</var> argument or
                    802:      <code>true</code> if it was omitted.
1.2       avankest  803: 
1.205     avankest  804:    <li>
                    805:     <p>If the <var>user</var> argument was not omitted follow these sub
                    806:      steps:</p>
1.2       avankest  807: 
1.60      avankest  808:     <ol>
                    809:      <li>
1.205     avankest  810:       <p>If the syntax of <var>user</var> does not match the syntax specified
                    811:        by the relevant authentication scheme, raise a <code>SYNTAX_ERR</code>
                    812:        exception and terminate the overall set of steps.
1.157     avankest  813: 
                    814:      <li>
1.241     avankest  815:       <p>If <var>user</var> is null let <var>temp user</var> be null.
1.2       avankest  816: 
1.60      avankest  817:      <li>
1.205     avankest  818:       <p>Otherwise let <var>temp user</var> be <var>user</var>.
                    819:     </ol>
1.184     avankest  820: 
1.205     avankest  821:     <p class=note>These steps override anything that may have been set by the
                    822:      <var title="">url</var> argument.</p>
1.157     avankest  823: 
1.205     avankest  824:    <li>
                    825:     <p>If the <var>password</var> argument was not omitted follow these sub
                    826:      steps:</p>
1.2       avankest  827: 
1.205     avankest  828:     <ol>
1.60      avankest  829:      <li>
1.205     avankest  830:       <p>If the syntax of <var>password</var> does not match the syntax
                    831:        specified by the relevant authentication scheme, raise a
                    832:        <code>SYNTAX_ERR</code> exception and terminate the overall set of
                    833:        steps.
1.192     avankest  834: 
                    835:      <li>
1.241     avankest  836:       <p>If <var>password</var> is null let <var>temp password</var> be null.
1.2       avankest  837: 
1.60      avankest  838:      <li>
1.205     avankest  839:       <p>Otherwise let <var>temp password</var> be <var>password</var>.
                    840:     </ol>
1.102     avankest  841: 
1.205     avankest  842:     <p class=note>These steps override anything that may have been set by the
                    843:      <var title="">url</var> argument.</p>
1.2       avankest  844: 
1.205     avankest  845:    <li>
                    846:     <p><a href="#abort-send-algorithm" title="abort send()">Abort the
                    847:      <code>send()</code> algorithm</a>.
1.2       avankest  848: 
1.205     avankest  849:    <li>
                    850:     <p>The user agent <em class=ct>should</em> cancel any network activity
                    851:      for which the object is responsible.
                    852:    </li>
                    853:    <!-- we can hardly require it... -->
1.24      avankest  854: 
1.205     avankest  855:    <li>
1.254     avankest  856:     <p>If there are any <a href="#task" title=task>tasks</a> from the
                    857:      object's <a
                    858:      href="#xmlhttprequest-task-source"><code>XMLHttpRequest</code> task
                    859:      source</a> in one of the <a href="#task-queues">task queues</a>, then
                    860:      remove those tasks.
                    861: 
                    862:    <li>
1.205     avankest  863:     <p>Set variables associated with the object as follows:</p>
1.70      avankest  864: 
1.205     avankest  865:     <ul>
1.60      avankest  866:      <li>
1.205     avankest  867:       <p>Set the <a href="#send-flag"><code>send()</code> flag</a> to false.
1.60      avankest  868: 
                    869:      <li>
1.205     avankest  870:       <p>Set <a href="#response-entity-body">response entity body</a> to
                    871:        null.
1.60      avankest  872: 
                    873:      <li>
1.205     avankest  874:       <p>Empty the list of <a href="#author-request-headers">author request
                    875:        headers</a>.</p>
1.17      avankest  876: 
1.60      avankest  877:      <li>
1.205     avankest  878:       <p>Set the <a href="#request-method">request method</a> to
                    879:        <var>method</var>.
1.17      avankest  880: 
1.60      avankest  881:      <li>
1.205     avankest  882:       <p>Set the <a href="#request-url">request URL</a> to <var
                    883:        title="">url</var>.
1.17      avankest  884: 
1.60      avankest  885:      <li>
1.205     avankest  886:       <p>Set the <a href="#request-username">request username</a> to
                    887:        <var>temp user</var>.
1.17      avankest  888: 
1.60      avankest  889:      <li>
1.205     avankest  890:       <p>Set the <a href="#request-password">request password</a> to
                    891:        <var>temp password</var>.
1.17      avankest  892: 
1.60      avankest  893:      <li>
1.205     avankest  894:       <p>Set the <a href="#asynchronous-flag">asynchronous flag</a> to true
                    895:        if <var>async</var> is <code>true</code>. Otherwise set it to false.
                    896:     </ul>
1.44      avankest  897: 
1.205     avankest  898:    <li>
                    899:     <p>Switch the the state to <a href="#opened-state" title="OPENED
                    900:      state">OPENED</a>.
1.176     avankest  901: 
1.205     avankest  902:    <li>
                    903:     <p><a href="#dispatch-readystatechange-event">Dispatch a
                    904:      <code>readystatechange</code> event</a>.
                    905:   </ol>
1.22      avankest  906: 
1.205     avankest  907:   <p class=note>A future version or extension of this specification will
                    908:    define a way of doing cross-origin requests.
1.24      avankest  909: 
1.250     avankest  910:   <h4 id=the-setrequestheader-method><span class=secno>3.6.2. </span>The
1.248     avankest  911:    <code title="">setRequestHeader()</code> method</h4>
1.237     avankest  912:   <!-- XXX domintro authors
1.205     avankest  913:   The <code>setRequestHeader()</code> method can be used to set new request
                    914:     headers and append to request headers already in the list.</p>
                    915:   -->
                    916: 
                    917:   <p>As indicated in the algorithm below certain headers cannot be set and
                    918:    are left up to the user agent. In addition there are certain other headers
                    919:    the user agent will take control of if they are not set by the author as
1.270   ! avankest  920:    indicated at the end of the <a href="#send"><code>send()</code></a> method
1.205     avankest  921:    section.
                    922: 
1.270   ! avankest  923:   <p class=note>The <a
        !           924:    href="#setrequestheader"><code>setRequestHeader()</code></a> method
        !           925:    appends a value if the HTTP header given as argument is already part of
        !           926:    the <a href="#author-request-headers">author request headers</a> list.
1.205     avankest  927: 
                    928:   <p>When the <dfn id=setrequestheader
                    929:    title=setrequestheader><code>setRequestHeader(<var>header</var>,
                    930:    <var>value</var>)</code></dfn> method is invoked, the user agent <em
1.261     avankest  931:    class=ct>must</em> run these steps:
1.6       avankest  932: 
1.205     avankest  933:   <ol>
                    934:    <li>
                    935:     <p>If the state is not <a href="#opened-state" title="OPENED
                    936:      state">OPENED</a> raise an <code>INVALID_STATE_ERR</code> exception and
                    937:      terminate these steps.
1.47      avankest  938: 
1.205     avankest  939:    <li>
                    940:     <p>If the <a href="#send-flag"><code>send()</code> flag</a> is true raise
                    941:      an <code>INVALID_STATE_ERR</code> exception and terminate these steps.
1.60      avankest  942: 
1.205     avankest  943:    <li>
1.258     avankest  944:     <p>If any code point in <var>header</var> is higher than U+00FF LATIN
1.260     avankest  945:      SMALL LETTER Y WITH DIAERESIS or after <span title="deflate a DOMString
                    946:      into an byte sequence">deflating</span> <var>header</var> it does not
                    947:      match the <a href="#field-name">field-name</a> production raise a
1.258     avankest  948:      <code>SYNTAX_ERR</code> exception and terminate these steps. Otherwise
1.260     avankest  949:      let <var>header</var> be the result of <span title="deflate a DOMString
                    950:      into an byte sequence">deflating</span> <var>header</var>.
1.258     avankest  951:    </li>
                    952:    <!-- This sounds lame, but it works. -->
1.6       avankest  953: 
1.205     avankest  954:    <li>
1.258     avankest  955:     <p>If any code point in <var>value</var> is higher than U+00FF LATIN
1.260     avankest  956:      SMALL LETTER Y WITH DIAERESIS or after <span title="deflate a DOMString
                    957:      into an byte sequence">deflating</span> <var>value</var> it does not
                    958:      match the <a href="#field-value">field-value</a> production raise a
1.258     avankest  959:      <code>SYNTAX_ERR</code> exception and terminate these steps. Otherwise
1.260     avankest  960:      let <var>value</var> be the result of <span title="deflate a DOMString
                    961:      into an byte sequence">deflating</span> <var>value</var>.</p>
1.258     avankest  962:     <!-- This sounds lame, but it works. -->
1.205     avankest  963:     <p class=note>The empty string is legal and represents the empty header
                    964:      value.</p>
1.71      avankest  965: 
1.205     avankest  966:    <li>
1.261     avankest  967:     <p>Terminate these steps if <var>header</var> is a case-insensitive match
                    968:      for one of the following headers:</p>
1.179     avankest  969: 
1.205     avankest  970:     <ul>
                    971:      <li><code>Accept-Charset</code>
1.60      avankest  972: 
1.205     avankest  973:      <li><code>Accept-Encoding</code>
1.34      avankest  974: 
1.205     avankest  975:      <li><code>Connection</code>
1.34      avankest  976: 
1.205     avankest  977:      <li><code>Content-Length</code>
1.177     avankest  978: 
1.205     avankest  979:      <li><code>Cookie</code>
1.69      avankest  980: 
1.205     avankest  981:      <li><code>Cookie2</code>
1.34      avankest  982: 
1.205     avankest  983:      <li><code>Content-Transfer-Encoding</code>
1.177     avankest  984: 
1.205     avankest  985:      <li><code>Date</code>
1.177     avankest  986: 
1.205     avankest  987:      <li><code>Expect</code>
1.69      avankest  988: 
1.205     avankest  989:      <li><code>Host</code>
1.69      avankest  990: 
1.205     avankest  991:      <li><code>Keep-Alive</code>
1.34      avankest  992: 
1.205     avankest  993:      <li><code>Referer</code>
1.34      avankest  994: 
1.205     avankest  995:      <li><code>TE</code>
1.34      avankest  996: 
1.205     avankest  997:      <li><code>Trailer</code>
1.34      avankest  998: 
1.205     avankest  999:      <li><code>Transfer-Encoding</code>
1.34      avankest 1000: 
1.205     avankest 1001:      <li><code>Upgrade</code>
1.34      avankest 1002: 
1.205     avankest 1003:      <li><code>User-Agent</code>
1.34      avankest 1004: 
1.205     avankest 1005:      <li><code>Via</code>
                   1006:     </ul>
1.69      avankest 1007: 
1.258     avankest 1008:     <p>&hellip; or if the start of <var>header</var> is a case-insensitive
                   1009:      match for <code>Proxy-</code> or <code>Sec-</code> (including when
1.205     avankest 1010:      <var>header</var> is just <code>Proxy-</code> or <code>Sec-</code>).</p>
                   1011: 
                   1012:     <p class=note>The above headers are not allowed to be set as they are
                   1013:      better controlled by the user agent as it knows best what value they
1.261     avankest 1014:      ought to have. Header names starting with <code>Sec-</code> are not
1.205     avankest 1015:      allowed to be set to allow new headers to be minted in the future that
1.270   ! avankest 1016:      are guaranteed not to come from <a
        !          1017:      href="#xmlhttprequest"><code>XMLHttpRequest</code></a>. (Older clients
        !          1018:      would however still be vulnerable as they allow such headers to be set.)</p>
1.185     avankest 1019: 
1.205     avankest 1020:    <li>
                   1021:     <p>If <var>header</var> is not in the <a
                   1022:      href="#author-request-headers">author request headers</a> list append
                   1023:      <var>header</var> with its associated <var>value</var> to the list and
                   1024:      terminate these steps.
1.6       avankest 1025: 
1.205     avankest 1026:    <li>
                   1027:     <p>If <var>header</var> is in the <a
                   1028:      href="#author-request-headers">author request headers</a> list either
                   1029:      use multiple headers, combine the values or use a combination of those
                   1030:      (section 4.2, RFC 2616). [<cite><a
1.250     avankest 1031:      href="#rfc-rfc2616">RFC2616</a></cite>]
1.205     avankest 1032:    </li>
                   1033:    <!-- XXX it seems UAs always combine the values -->
                   1034:   </ol>
1.18      avankest 1035: 
1.270   ! avankest 1036:   <p class=note>See also the <a href="#send"><code>send()</code></a> method
1.205     avankest 1037:    regarding user agent header handling for caching, authentication, proxies,
                   1038:    and cookies.
1.47      avankest 1039: 
1.205     avankest 1040:   <div class=example>
                   1041:    <pre><code>// The following script:
1.18      avankest 1042: var client = new XMLHttpRequest();
                   1043: client.open('GET', 'demo.cgi');
                   1044: client.setRequestHeader('X-Test', 'one');
                   1045: client.setRequestHeader('X-Test', 'two');
                   1046: client.send();
                   1047: 
                   1048: // ...would result in the following header being sent:
                   1049: ...
                   1050: X-Test: one, two
1.60      avankest 1051: ...</code></pre>
1.205     avankest 1052:   </div>
1.6       avankest 1053: 
1.250     avankest 1054:   <h4 id=the-send-method><span class=secno>3.6.3. </span>The <code
1.205     avankest 1055:    title="">send()</code> method</h4>
1.237     avankest 1056:   <!-- XXX domintro
                   1057:   <p>The <code>send()</code> method initiates the request and its optional
                   1058:   argument provides the <span>request entity body</span>.</p>
                   1059:   -->
1.205     avankest 1060: 
                   1061:   <p>When the <dfn id=send
                   1062:    title=send><code>send(<var>data</var>)</code></dfn> method is invoked, the
                   1063:    user agent <em class=ct>must</em> run the following steps (unless
1.270   ! avankest 1064:    otherwise noted). This algorithm gets aborted when the <a
        !          1065:    href="#open"><code>open()</code></a> or <a
        !          1066:    href="#abort"><code>abort()</code></a> method is invoked. When the <dfn
1.205     avankest 1067:    id=abort-send-algorithm title="abort send()"><code>send()</code> algorithm
                   1068:    is aborted</dfn> the user agent <em class=ct>must</em> terminate the
                   1069:    algorithm after finishing the step it is on.
                   1070: 
                   1071:   <p class=note>The <code title="">send()</code> algorithm can only be
                   1072:    aborted when the <a href="#asynchronous-flag">asynchronous flag</a> is
                   1073:    true and only after the method call has returned.
1.60      avankest 1074: 
1.205     avankest 1075:   <ol>
                   1076:    <li>
                   1077:     <p>If the state is not <a href="#opened-state" title="OPENED
                   1078:      state">OPENED</a> raise an <code>INVALID_STATE_ERR</code> exception and
                   1079:      terminate these steps.
1.60      avankest 1080: 
1.205     avankest 1081:    <li>
                   1082:     <p>If the <a href="#send-flag"><code>send()</code> flag</a> is true raise
                   1083:      an <code>INVALID_STATE_ERR</code> exception and terminate these steps.
1.60      avankest 1084: 
1.205     avankest 1085:    <li>
                   1086:     <p>If the <span>request method is <code>GET</code> or <code>HEAD</code>
1.241     avankest 1087:      act as if <var>data</var> is null.</span></p>
1.203     avankest 1088: 
1.241     avankest 1089:     <p>If the <var>data</var> argument has been omitted or is null, do not
                   1090:      include a <a href="#request-entity-body">request entity body</a> and go
                   1091:      to the next step.</p>
1.234     avankest 1092: 
1.250     avankest 1093:     <p>Otherwise, let <var>encoding</var> be null, <var>mime type</var> be
                   1094:      null, and then follow these rules:</p>
1.205     avankest 1095: 
                   1096:     <dl class=switch>
1.250     avankest 1097:      <dt>If <var>data</var> is a <code>Document</code>
1.205     avankest 1098: 
                   1099:      <dd>
1.234     avankest 1100:       <p>Let <var>encoding</var> be the <a
                   1101:        href="#preferred-mime-name">preferred MIME name</a> of the <a
1.246     avankest 1102:        href="#document-character-encoding" title="document's character
1.234     avankest 1103:        encoding">character encoding</a> of <var>data</var>. If
                   1104:        <var>encoding</var> is UTF-16 change it to UTF-8.</p>
                   1105: 
1.250     avankest 1106:       <p>Let <var>mime type</var> be "<code>application/xml;charset=</code>"
                   1107:        followed by <var>encoding</var>.</p>
1.234     avankest 1108: 
                   1109:       <p>Let the <a href="#request-entity-body">request entity body</a> be
1.270   ! avankest 1110:        the result of getting the <a href="#dom-innerhtml"><code
        !          1111:        title=dom-innerHTML>innerHTML</code></a> attribute on <var>data</var>
        !          1112:        <a href="#dfn-obtain-unicode" title="convert a DOMString to a sequence
        !          1113:        of Unicode characters">converted to Unicode</a> and encoded as
        !          1114:        <var>encoding</var>. Re-raise any exception this raises.</p>
1.210     avankest 1115: 
1.235     avankest 1116:       <p class=note>In particular, if the document cannot be serialized an
1.219     avankest 1117:        <code>INVALID_STATE_ERR</code> exception is raised.</p>
                   1118: 
1.205     avankest 1119:       <p class=note>Subsequent changes to the <code>Document</code> have no
                   1120:        effect on what is submitted.</p>
1.239     avankest 1121: 
1.250     avankest 1122:      <dt>If <var>data</var> is a <code>DOMString</code>
1.239     avankest 1123: 
                   1124:      <dd>
1.250     avankest 1125:       <p>Let <var>encoding</var> be UTF-8.</p>
                   1126: 
                   1127:       <p>Let <var>mime type</var> be "<code>text/plain;charset=UTF-8</code>".</p>
                   1128: 
1.239     avankest 1129:       <p>Let the <a href="#request-entity-body">request entity body</a> be
                   1130:        <var>data</var> <a href="#dfn-obtain-unicode" title="convert a
                   1131:        DOMString to a sequence of Unicode characters">converted to
1.250     avankest 1132:        Unicode</a> and encoded as UTF-8.</p>
1.205     avankest 1133:     </dl>
1.103     avankest 1134: 
1.270   ! avankest 1135:     <p>If a <code>Content-Type</code> header is set using <a
        !          1136:      href="#setrequestheader"><code>setRequestHeader()</code></a> whose value
        !          1137:      is a <a href="#valid-mime-type">valid MIME type</a> and has a
1.258     avankest 1138:      <code>charset</code> parameter whose value is not a case-insensitive
                   1139:      match for <var>encoding</var>, and <var>encoding</var> is not null, set
                   1140:      all the <code>charset</code> parameters of the <code>Content-Type</code>
                   1141:      header to <var>encoding</var>.</p>
1.234     avankest 1142: 
1.270   ! avankest 1143:     <p>If no <code>Content-Type</code> header has been set using <a
        !          1144:      href="#setrequestheader"><code>setRequestHeader()</code></a> and
        !          1145:      <var>mime type</var> is not null set a <code>Content-Type</code> request
        !          1146:      header with as value <var>mime type</var>.</p>
1.238     avankest 1147:     <!-- reminder: if we ever change this to always include charset it has
                   1148:     to be included as the first parameter for compatibility reasons -->
                   1149:     
1.167     avankest 1150: 
1.205     avankest 1151:    <li>
                   1152:     <p>If the <a href="#asynchronous-flag">asynchronous flag</a> is false
                   1153:      release the <a href="#storage-mutex">storage mutex</a>.
1.60      avankest 1154: 
1.205     avankest 1155:    <li>
                   1156:     <p>Set the <a href="#error-flag">error flag</a> to false.
1.164     avankest 1157: 
1.205     avankest 1158:    <li>
1.213     avankest 1159:     <p>If the <a href="#asynchronous-flag">asynchronous flag</a> is true run
                   1160:      these substeps:</p>
                   1161: 
                   1162:     <ol>
                   1163:      <li>
1.219     avankest 1164:       <p>Set the <a href="#send-flag"><code>send()</code> flag</a> to true.
                   1165: 
                   1166:      <li>
1.213     avankest 1167:       <p><a href="#dispatch-readystatechange-event">Dispatch a
                   1168:        <code>readystatechange</code> event</a>.</p>
                   1169: 
                   1170:       <p class=note>The state does not change. The event is dispatched for
                   1171:        historical reasons.</p>
                   1172: 
                   1173:      <li>
1.270   ! avankest 1174:       <p>Return the <a href="#send"><code>send()</code></a> method call, but
1.213     avankest 1175:        continue running the steps in this algorithm.
                   1176:     </ol>
                   1177: 
                   1178:    <li>
1.263     avankest 1179:     <p><a href="#fetch">Fetch</a> the <a href="#request-url">request URL</a>
                   1180:      from <i title="">origin</i> <a
1.262     avankest 1181:      href="#xmlhttprequest-origin"><code>XMLHttpRequest</code> origin</a>,
                   1182:      with the <i title="">synchronous flag</i> set if the <a
                   1183:      href="#asynchronous-flag">asynchronous flag</a> is false, using HTTP
1.213     avankest 1184:      method <a href="#request-method">request method</a>, user <a
                   1185:      href="#request-username">request username</a> (if non-null) and password
                   1186:      <a href="#request-password">request password</a> (if non-null), taking
                   1187:      into account the <a href="#request-entity-body">request entity body</a>,
                   1188:      list of <a href="#author-request-headers">author request headers</a> and
                   1189:      the rules listed at the end of this section.</p>
                   1190: 
1.226     avankest 1191:     <dl class=switch>
1.205     avankest 1192:      <dt>If the <a href="#asynchronous-flag">asynchronous flag</a> is false
1.195     avankest 1193: 
1.205     avankest 1194:      <dd>
1.213     avankest 1195:       <p>While making the request also follow the <a
1.221     avankest 1196:        href="#same-origin-request-event-rules">same-origin request event
                   1197:        rules</a>.</p>
1.213     avankest 1198:       <!--
1.250     avankest 1199:          This cannot involve any task queue whatsoever because that would
                   1200:          mean other tasks on the task queue might get processed as well
                   1201:          which is counter to the whole idea of doing things synchronous.
                   1202:         -->
1.213     avankest 1203:       
1.270   ! avankest 1204:       <p class=note>The <a href="#send"><code>send()</code></a> method call
1.213     avankest 1205:        will now be returned by virtue of this algorithm ending.</p>
1.205     avankest 1206: 
                   1207:      <dt>If the <a href="#asynchronous-flag">asynchronous flag</a> is true
                   1208: 
                   1209:      <dd>
1.250     avankest 1210:       <p><span>Make progress notifications</span>.</p>
                   1211: 
                   1212:       <p><span>Make upload progress notifications</span>.</p>
                   1213: 
1.213     avankest 1214:       <p>While processing the request, as data becomes available and when the
1.250     avankest 1215:        user interferes with the request, <a href="#queue-a-task" title="queue
1.257     avankest 1216:        a task">queue tasks</a> to update the <a
                   1217:        href="#response-entity-body">response entity body</a> and follow the
                   1218:        <a href="#same-origin-request-event-rules">same-origin request event
1.256     avankest 1219:        rules</a>.</p>
1.205     avankest 1220:     </dl>
                   1221:   </ol>
1.124     avankest 1222: 
1.205     avankest 1223:   <hr>
                   1224: 
1.229     avankest 1225:   <p>If the user agent allows the end user to configure a proxy it <em
1.250     avankest 1226:    class=ct>should</em> modify the request appropriately; i.e., connect to
                   1227:    the proxy host instead of the origin server, modify the
1.214     avankest 1228:    <code>Request-Line</code> and send <code>Proxy-Authorization</code>
                   1229:    headers as specified.
                   1230: 
1.264     avankest 1231:   <hr>
                   1232: 
                   1233:   <p>If the user agent supports HTTP Authentication and <code
                   1234:    title=http-authorization>Authorization</code> is not in the list of <a
1.220     avankest 1235:    href="#author-request-headers">author request headers</a>, it <em
1.270   ! avankest 1236:    class=ct>should</em> consider requests originating from the <a
        !          1237:    href="#xmlhttprequest"><code>XMLHttpRequest</code></a> object to be part
        !          1238:    of the protection space that includes the accessed URIs and send <code
1.264     avankest 1239:    title=http-authorization>Authorization</code> headers and handle <code>401
                   1240:    Unauthorized</code> requests appropriately.
                   1241: 
                   1242:   <p>If authentication fails, <code
                   1243:    title=http-authorization>Authorization</code> is not in the list of <a
                   1244:    href="#author-request-headers">author request headers</a>, <a
                   1245:    href="#request-username">request username</a> is null, and <a
                   1246:    href="#request-password">request password</a> is null, user agents <em
                   1247:    class=ct>should</em> prompt the end user for their username and password.
                   1248: 
                   1249:   <p>If authentication fails, <code
                   1250:    title=http-authorization>Authorization</code> is not in the list of <a
                   1251:    href="#author-request-headers">author request headers</a>, <a
                   1252:    href="#request-username">request username</a> is non-null, and <a
                   1253:    href="#request-password">request password</a> is non-null, user agents <em
                   1254:    class=ct>must not</em> prompt the end user for their username and
                   1255:    password. [<cite><a href="#ref-rfc2617">RFC2617</a></cite>]
1.214     avankest 1256: 
1.229     avankest 1257:   <p class=note>End users are not prompted if credentials are provided
1.270   ! avankest 1258:    through the <a href="#open"><code>open()</code></a> API so that authors
1.229     avankest 1259:    can implement their own user interface.
1.214     avankest 1260: 
1.264     avankest 1261:   <hr>
                   1262: 
1.214     avankest 1263:   <p>If the user agent supports HTTP State Management it <em
                   1264:    class=ct>should</em> persist, discard and send cookies (as received in the
                   1265:    <code>Set-Cookie</code> and <code>Set-Cookie2</code> response headers, and
                   1266:    sent in the <code>Cookie</code> header) as applicable. [<cite><a
1.232     avankest 1267:    href="#ref-cookies">COOKIES</a></cite>]
1.214     avankest 1268: 
1.264     avankest 1269:   <hr>
                   1270: 
1.214     avankest 1271:   <p>If the user agent implements a HTTP cache it <em class=ct>should</em>
1.270   ! avankest 1272:    respect <code>Cache-Control</code> request headers set by the <a
        !          1273:    href="#setrequestheader"><code>setRequestHeader()</code></a> (e.g.,
1.214     avankest 1274:    <code>Cache-Control: no-cache</code> bypasses the cache). It <em
                   1275:    class=ct>must not</em> send <code>Cache-Control</code> or
1.229     avankest 1276:    <code>Pragma</code> request headers automatically unless the end user
1.214     avankest 1277:    explicitly requests such behavior (e.g. by (force-)reloading the page).
                   1278: 
                   1279:   <p>For <code>304 Not Modified</code> responses that are a result of a user
                   1280:    agent generated conditional request the user agent <em class=ct>must</em>
                   1281:    act as if the server gave a <code>200 OK</code> response with the
1.270   ! avankest 1282:    appropriate content. The user agent <em class=ct>must</em> allow <a
        !          1283:    href="#setrequestheader"><code>setRequestHeader()</code></a> to override
1.250     avankest 1284:    automatic cache validation by setting request headers (e.g.
                   1285:    <code>If-None-Match</code> or <code>If-Modified-Since</code>), in which
                   1286:    case <code>304 Not Modified</code> responses <em class=ct>must</em> be
                   1287:    passed through. [<cite><a href="#rfc-rfc2616">RFC2616</a></cite>]
1.214     avankest 1288: 
1.264     avankest 1289:   <hr>
                   1290: 
1.214     avankest 1291:   <p>If the user agent implements server-driven content-negotiation it <em
                   1292:    class=ct>should</em> set <code>Accept-Encoding</code> and
1.233     avankest 1293:    <code>Accept-Charset</code> headers as appropriate. For
                   1294:    <code>Accept</code> and <code>Accept-Language</code> the user agent <em
                   1295:    class=ct>must</em> follow these constraints:
                   1296: 
                   1297:   <ul>
                   1298:    <li>
                   1299:     <p>Both headers <em class=ct>must not</em> be modified if they are
1.270   ! avankest 1300:      already set through <a
        !          1301:      href="#setrequestheader"><code>setRequestHeader()</code></a>.
1.233     avankest 1302: 
                   1303:    <li>
1.270   ! avankest 1304:     <p>If not set through <a
        !          1305:      href="#setrequestheader"><code>setRequestHeader()</code></a>
1.257     avankest 1306:      <code>Accept-Language</code> <em class=ct>should</em> be set as
1.233     avankest 1307:      appropriate.
                   1308: 
                   1309:    <li>
1.270   ! avankest 1310:     <p>If not set through <a
        !          1311:      href="#setrequestheader"><code>setRequestHeader()</code></a>
1.233     avankest 1312:      <code>Accept</code> <em class=ct>must</em> be set with as value
                   1313:      <code>*/*</code>.
                   1314:   </ul>
                   1315: 
                   1316:   <p>Responses <em class=ct>must</em> have the content-encodings
1.250     avankest 1317:    automatically decoded. [<cite><a href="#rfc-rfc2616">RFC2616</a></cite>]
1.214     avankest 1318: 
1.264     avankest 1319:   <hr>
                   1320: 
1.214     avankest 1321:   <p>Besides the <a href="#author-request-headers">author request headers</a>
                   1322:    user agents <em class=ct>should not</em> include additional request
                   1323:    headers other than those mentioned above or other than those authors are
1.270   ! avankest 1324:    not allowed to set using <a
        !          1325:    href="#setrequestheader"><code>setRequestHeader()</code></a>. This ensures
        !          1326:    that authors have a reasonably predictable API.
1.214     avankest 1327: 
1.250     avankest 1328:   <h4 id=infrastructure-for-the-send-method><span class=secno>3.6.4.
1.214     avankest 1329:    </span>Infrastructure for the <code title="">send()</code> method</h4>
                   1330: 
1.221     avankest 1331:   <p>The <dfn id=same-origin-request-event-rules>same-origin request event
                   1332:    rules</dfn> are as follows:
1.205     avankest 1333: 
                   1334:   <dl class=switch>
                   1335:    <dt>If the response is an HTTP redirect
                   1336: 
                   1337:    <dd>
1.259     avankest 1338:     <p>If the <a href="#origin">origin</a> of the <a href="#url">URL</a>
                   1339:      conveyed by the <code title=http-location>Location</code> header is <a
                   1340:      href="#same-origin">same origin</a> with the <a
                   1341:      href="#xmlhttprequest-origin"><code>XMLHttpRequest</code> origin</a> and
                   1342:      the redirect does not violate infinite loop precautions, transparently
                   1343:      follow the redirect while observing the <a
1.221     avankest 1344:      href="#same-origin-request-event-rules">same-origin request event
                   1345:      rules</a>.</p>
1.205     avankest 1346: 
1.250     avankest 1347:     <p>Otherwise, this is a <a href="#network-error">network error</a>.</p>
                   1348: 
1.205     avankest 1349:     <p class=note>HTTP places requirements on the user agent regarding the
1.206     avankest 1350:      preservation of the <a href="#request-method">request method</a> and <a
                   1351:      href="#request-entity-body">request entity body</a> during redirects,
1.229     avankest 1352:      and also requires end users to be notified of certain kinds of automatic
1.205     avankest 1353:      redirections.</p>
                   1354:     <!-- XXX HTTP needs fixing here -->
                   1355: 
1.229     avankest 1356:    <dt>If the end user cancels the download
1.205     avankest 1357: 
1.215     avankest 1358:    <dd>
                   1359:     <p>This is an <a href="#abort-error">abort error</a>.
1.119     avankest 1360: 
1.216     avankest 1361:    <dt>In case of network errors
                   1362: 
1.215     avankest 1363:    <dd>
                   1364:     <p>In case of DNS errors, TLS negotiation failure, or other type of
                   1365:      network errors, this is a <a href="#network-error">network error</a>. Do
1.229     avankest 1366:      not request any kind of end user interaction.</p>
1.205     avankest 1367: 
1.215     avankest 1368:     <p class=note>This does not include HTTP responses that indicate some
                   1369:      type of error, such as HTTP status code 410.</p>
1.119     avankest 1370: 
1.215     avankest 1371:    <dt>Once all HTTP headers have been received and the <a
1.259     avankest 1372:     href="#asynchronous-flag">asynchronous flag</a> is true (and this is not
                   1373:     an HTTP redirect)
1.60      avankest 1374: 
1.215     avankest 1375:    <dd>
                   1376:     <p><a href="#switch-headers-received">Switch to the HEADERS_RECEIVED
                   1377:      state</a>.
1.60      avankest 1378: 
1.222     avankest 1379:    <dt>Once the first byte (or more) of the <a
                   1380:     href="#response-entity-body">response entity body</a> has been received
                   1381:     and the <a href="#asynchronous-flag">asynchronous flag</a> is true
                   1382: 
                   1383:    <dt>If there is no <a href="#response-entity-body">response entity
                   1384:     body</a> and the <a href="#asynchronous-flag">asynchronous flag</a> is
1.215     avankest 1385:     true
1.19      avankest 1386: 
1.222     avankest 1387:    <dd>
                   1388:     <p><a href="#switch-loading">Switch to the LOADING state</a>.
                   1389: 
                   1390:    <dt>Once the whole <a href="#response-entity-body">response entity
                   1391:     body</a> has been received
                   1392: 
                   1393:    <dt>If there is no <a href="#response-entity-body">response entity
1.226     avankest 1394:     body</a> and the <a href="#asynchronous-flag">asynchronous flag</a> is
                   1395:     false or the state is <a href="#loading-state" title="LOADING
1.223     avankest 1396:     state">LOADING</a>
1.185     avankest 1397: 
1.215     avankest 1398:    <dd>
1.222     avankest 1399:     <p><a href="#switch-done">Switch to the DONE state</a>.
1.215     avankest 1400:   </dl>
1.6       avankest 1401: 
1.215     avankest 1402:   <hr>
1.6       avankest 1403: 
1.215     avankest 1404:   <p>When something is said to be a <dfn id=network-error>network error</dfn>
1.270   ! avankest 1405:    run the <a href="#request-error">request error</a> steps for exception <a
        !          1406:    href="#network-err"><code>NETWORK_ERR</code></a>.
1.62      avankest 1407: 
1.243     avankest 1408:   <p>When something is said to be an <dfn id=abort-error>abort error</dfn>
1.270   ! avankest 1409:    run the <a href="#request-error">request error</a> steps for exception <a
        !          1410:    href="#abort-err"><code>ABORT_ERR</code></a>.
1.84      avankest 1411: 
1.244     avankest 1412:   <p>When something is said to be a <dfn id=request-error>request error</dfn>
                   1413:    for exception <var>exception</var> run these steps:
1.60      avankest 1414: 
1.256     avankest 1415:   <ol>
                   1416:    <li>
                   1417:     <p>The user agent <em class=ct>should</em> cancel any network activity
                   1418:      for which the object is responsible.
                   1419: 
                   1420:    <li>
                   1421:     <p>If there are any <a href="#task" title=task>tasks</a> from the
                   1422:      object's <a
                   1423:      href="#xmlhttprequest-task-source"><code>XMLHttpRequest</code> task
                   1424:      source</a> in one of the <a href="#task-queues">task queues</a>, then
                   1425:      remove those tasks.
1.252     avankest 1426: 
1.215     avankest 1427:    <li>
                   1428:     <p>Set the <a href="#response-entity-body">response entity body</a> to
                   1429:      null.
1.205     avankest 1430: 
1.215     avankest 1431:    <li>
1.256     avankest 1432:     <p>Empty the list of <a href="#author-request-headers">author request
                   1433:      headers</a>.
1.205     avankest 1434: 
1.215     avankest 1435:    <li>
1.256     avankest 1436:     <p>Set the the <a href="#error-flag">error flag</a> to true.
1.205     avankest 1437: 
1.215     avankest 1438:    <li>
                   1439:     <p>Switch the state to <a href="#done-state" title="DONE state">DONE</a>.
1.205     avankest 1440: 
1.215     avankest 1441:    <li>
                   1442:     <p>If the <a href="#asynchronous-flag">asynchronous flag</a> is false
1.243     avankest 1443:      raise an <var>exception</var> exception and terminate the overall set of
                   1444:      steps.
1.205     avankest 1445: 
1.215     avankest 1446:    <li>
1.251     avankest 1447:     <p><a href="#dispatch-readystatechange-event">Dispatch a
1.250     avankest 1448:      <code>readystatechange</code> event</a>.</p>
                   1449: 
                   1450:     <p class=note>At this point it is clear that the <a
                   1451:      href="#asynchronous-flag">asynchronous flag</a> is true.</p>
1.205     avankest 1452: 
1.215     avankest 1453:    <li>
1.250     avankest 1454:     <p>Terminate the overall algorithm.
1.215     avankest 1455:   </ol>
1.6       avankest 1456: 
1.250     avankest 1457:   <p class=note>A future version of this specification will dispatch an
1.270   ! avankest 1458:    <code>error</code>/<a href="#abort"><code>abort</code></a> event here as
1.250     avankest 1459:    well. (Depending on the type of error.)
1.6       avankest 1460: 
1.215     avankest 1461:   <hr>
1.2       avankest 1462: 
1.215     avankest 1463:   <p>When it is said to <dfn id=switch-headers-received>switch to the
                   1464:    HEADERS_RECEIVED state</dfn> run these steps:
1.60      avankest 1465: 
1.215     avankest 1466:   <ol>
                   1467:    <li>
                   1468:     <p>Switch the state to <a href="#headers-received-state"
                   1469:      title="HEADERS_RECEIVED state">HEADERS_RECEIVED</a>.
1.125     avankest 1470: 
1.215     avankest 1471:    <li>
1.251     avankest 1472:     <p><a href="#dispatch-readystatechange-event">Dispatch a
1.215     avankest 1473:      <code>readystatechange</code> event</a>.
                   1474:   </ol>
1.205     avankest 1475: 
1.215     avankest 1476:   <p>When it is said to <dfn id=switch-loading>switch to the LOADING
                   1477:    state</dfn> run these steps:
1.205     avankest 1478: 
1.215     avankest 1479:   <ol>
                   1480:    <li>
                   1481:     <p>Switch the state to <a href="#loading-state" title="LOADING
                   1482:      state">LOADING</a>.
1.17      avankest 1483: 
1.215     avankest 1484:    <li>
1.251     avankest 1485:     <p><a href="#dispatch-readystatechange-event">Dispatch a
1.215     avankest 1486:      <code>readystatechange</code> event</a>.
                   1487:   </ol>
1.205     avankest 1488: 
1.218     avankest 1489:   <p>When it is said to <dfn id=switch-done>switch to the DONE state</dfn>
                   1490:    run these steps:
                   1491: 
                   1492:   <ol>
                   1493:    <li>
1.257     avankest 1494:     <p>If the <a href="#asynchronous-flag">asynchronous flag</a> is false
                   1495:      update the <a href="#response-entity-body">response entity body</a>.
                   1496: 
                   1497:    <li>
1.218     avankest 1498:     <p>Switch the state to <a href="#done-state" title="DONE state">DONE</a>.
                   1499: 
                   1500:    <li>
1.250     avankest 1501:     <p><a href="#dispatch-readystatechange-event">Dispatch a
1.218     avankest 1502:      <code>readystatechange</code> event</a>.
                   1503:   </ol>
                   1504: 
1.250     avankest 1505:   <h4 id=the-abort-method><span class=secno>3.6.5. </span>The <code
1.205     avankest 1506:    title="">abort()</code> method</h4>
                   1507: 
                   1508:   <p>When the <dfn id=abort><code>abort()</code></dfn> method is invoked, the
1.219     avankest 1509:    user agent <em class=ct>must</em> run these steps (unless otherwise
                   1510:    noted):
1.205     avankest 1511: 
                   1512:   <ol>
                   1513:    <li>
                   1514:     <p><a href="#abort-send-algorithm" title="abort send()">Abort the
                   1515:      <code>send()</code> algorithm</a>.
1.202     avankest 1516: 
1.205     avankest 1517:    <li>
                   1518:     <p>The user agent <em class=ct>should</em> cancel any network activity
                   1519:      for which the object is responsible.
1.254     avankest 1520: 
                   1521:    <li>
                   1522:     <p>If there are any <a href="#task" title=task>tasks</a> from the
                   1523:      object's <a
                   1524:      href="#xmlhttprequest-task-source"><code>XMLHttpRequest</code> task
                   1525:      source</a> in one of the <a href="#task-queues">task queues</a>, then
                   1526:      remove those tasks.
1.205     avankest 1527: 
                   1528:    <li>
                   1529:     <p>Set the <a href="#response-entity-body">response entity body</a> to
                   1530:      null.
                   1531: 
                   1532:    <li>
1.254     avankest 1533:     <p>Empty the list of <a href="#author-request-headers">author request
                   1534:      headers</a>.
1.205     avankest 1535: 
                   1536:    <li>
1.254     avankest 1537:     <p>Set the <a href="#error-flag">error flag</a> to true.
1.205     avankest 1538: 
                   1539:    <li>
                   1540:     <p>If the state is <a href="#unsent-state" title="UNSENT
                   1541:      state">UNSENT</a>, <a href="#opened-state" title="OPENED
                   1542:      state">OPENED</a> with the <a href="#send-flag"><code>send()</code>
                   1543:      flag</a> being false, or <a href="#done-state" title="DONE
                   1544:      state">DONE</a> go to the next step.</p>
                   1545: 
                   1546:     <p>Otherwise run these substeps:</p>
                   1547: 
                   1548:     <ol>
1.202     avankest 1549:      <li>
1.205     avankest 1550:       <p>Switch the state to <a href="#done-state" title="DONE
                   1551:        state">DONE</a>.
1.77      avankest 1552: 
                   1553:      <li>
1.205     avankest 1554:       <p>Set the <a href="#send-flag"><code>send()</code> flag</a> to false.
1.77      avankest 1555: 
                   1556:      <li>
1.205     avankest 1557:       <p><a href="#dispatch-readystatechange-event">Dispatch a
                   1558:        <code>readystatechange</code> event</a>.
1.60      avankest 1559:     </ol>
1.17      avankest 1560: 
1.252     avankest 1561:     <p class=note>A future version of this specification will dispatch an
                   1562:      <code title=abort-event>abort</code> event here.</p>
1.220     avankest 1563: 
1.205     avankest 1564:    <li>
                   1565:     <p>Switch the state to <a href="#unsent-state" title="UNSENT
                   1566:      state">UNSENT</a>.</p>
                   1567: 
                   1568:     <p class=note>No <code>readystatechange</code> event is dispatched.</p>
                   1569:   </ol>
                   1570: 
1.250     avankest 1571:   <h3 id=response><span class=secno>3.7. </span>Response</h3>
1.205     avankest 1572: 
1.250     avankest 1573:   <h4 id=the-status-attribute><span class=secno>3.7.1. </span>The <code
1.205     avankest 1574:    title="">status</code> attribute</h4>
                   1575: 
                   1576:   <p>The <dfn id=status><code>status</code></dfn> attribute <em
1.224     avankest 1577:    class=ct>must</em> return the result of running these steps:
                   1578: 
                   1579:   <ol>
                   1580:    <li>
                   1581:     <p>If the state is <a href="#unsent-state" title="UNSENT
                   1582:      state">UNSENT</a> or <a href="#opened-state" title="OPENED
1.241     avankest 1583:      state">OPENED</a> return 0 and terminate these steps.
1.224     avankest 1584: 
                   1585:    <li>
1.241     avankest 1586:     <p>If the <a href="#error-flag">error flag</a> is true return 0 and
                   1587:      terminate these steps.
1.224     avankest 1588: 
                   1589:    <li>
                   1590:     <p>Return the HTTP status code.
                   1591:   </ol>
1.205     avankest 1592: 
1.250     avankest 1593:   <h4 id=the-statustext-attribute><span class=secno>3.7.2. </span>The <code
1.205     avankest 1594:    title="">statusText</code> attribute</h4>
                   1595: 
                   1596:   <p>The <dfn id=statustext><code>statusText</code></dfn> attribute <em
1.224     avankest 1597:    class=ct>must</em> return the result of running these steps:
                   1598: 
                   1599:   <ol>
                   1600:    <li>
                   1601:     <p>If the state is <a href="#unsent-state" title="UNSENT
                   1602:      state">UNSENT</a> or <a href="#opened-state" title="OPENED
1.241     avankest 1603:      state">OPENED</a> return the empty string and terminate these steps.
1.224     avankest 1604: 
                   1605:    <li>
                   1606:     <p>If the <a href="#error-flag">error flag</a> is true return the empty
                   1607:      string and terminate these steps.
                   1608: 
                   1609:    <li>
                   1610:     <p>Return the HTTP status text.
                   1611:   </ol>
1.205     avankest 1612: 
1.250     avankest 1613:   <h4 id=the-getresponseheader-method><span class=secno>3.7.3. </span>The
1.205     avankest 1614:    <code title="">getResponseHeader()</code> method</h4>
                   1615: 
                   1616:   <p>When the <dfn id=getresponseheader
                   1617:    title=getresponseheader><code>getResponseHeader(<var>header</var>)</code></dfn>
1.219     avankest 1618:    is invoked, the user agent <em class=ct>must</em> run these steps:
1.205     avankest 1619: 
                   1620:   <ol>
                   1621:    <li>
                   1622:     <p>If the state is <a href="#unsent-state" title="UNSENT
                   1623:      state">UNSENT</a> or <a href="#opened-state" title="OPENED
1.241     avankest 1624:      state">OPENED</a> return null and terminate these steps.
1.205     avankest 1625: 
                   1626:    <li>
1.241     avankest 1627:     <p>If the <a href="#error-flag">error flag</a> is true return null and
                   1628:      terminate these steps.
1.205     avankest 1629: 
                   1630:    <li>
1.258     avankest 1631:     <p>If any code point in <var>header</var> is higher than U+00FF LATIN
                   1632:      SMALL LETTER Y WITH DIAERESIS return null and terminate these steps.
                   1633: 
                   1634:    <li>
1.260     avankest 1635:     <p>Let <var>header</var> be the result of <span title="deflate a
                   1636:      DOMString into an byte sequence">deflating</span> <var>header</var>.
1.258     avankest 1637:    </li>
                   1638:    <!-- This sounds lame, but it works. -->
1.205     avankest 1639: 
                   1640:    <li>
1.258     avankest 1641:     <p>If <var>header</var> is a case-insensitive match for
                   1642:      <code>Set-Cookie</code> or <code>Set-Cookie2</code> return null and
1.205     avankest 1643:      terminate these steps.
                   1644: 
                   1645:    <li>
1.258     avankest 1646:     <p>If <var>header</var> is a case-insensitive match for multiple HTTP
1.260     avankest 1647:      response headers, return the <span title="inflate an byte sequence into
                   1648:      a DOMString">inflated</span> values of these headers as a single
                   1649:      concatenated string separated from each other by a U+002C COMMA U+0020
                   1650:      SPACE character pair and terminate these steps.
1.258     avankest 1651: 
                   1652:    <li>
                   1653:     <p>If <var>header</var> is a case-insensitive match for a single HTTP
1.260     avankest 1654:      response header, return the <span title="inflate an byte sequence into a
                   1655:      DOMString">inflated</span> value of that header and terminate these
                   1656:      steps.
1.205     avankest 1657: 
                   1658:    <li>
1.241     avankest 1659:     <p>Return null.
1.205     avankest 1660:   </ol>
                   1661: 
                   1662:   <div class=example>
1.252     avankest 1663:    <p>For the following script:</p>
                   1664: 
                   1665:    <pre><code>var client = new XMLHttpRequest();
                   1666: client.open("GET", "unicorns-are-teh-awesome.txt", true);
1.6       avankest 1667: client.send();
1.16      avankest 1668: client.onreadystatechange = function() {
1.252     avankest 1669:   if(this.readyState == 2) {
                   1670:     print(client.getResponseHeader("Content-Type"));
                   1671:   }
                   1672: }</code></pre>
                   1673: 
                   1674:    <p>The <code>print()</code> function will get to process something like:</p>
1.1       avankest 1675: 
1.252     avankest 1676:    <pre><code>text/plain; charset=UTF-8</code></pre>
1.205     avankest 1677:   </div>
                   1678: 
1.250     avankest 1679:   <h4 id=the-getallresponseheaders-method><span class=secno>3.7.4. </span>The
1.205     avankest 1680:    <code title="">getAllResponseHeaders()</code> method</h4>
1.2       avankest 1681: 
1.205     avankest 1682:   <p>When the <dfn
                   1683:    id=getallresponseheaders><code>getAllResponseHeaders()</code></dfn> method
                   1684:    is invoked, the user agent <em class=ct>must</em> run the following steps:
1.6       avankest 1685: 
1.205     avankest 1686:   <ol>
                   1687:    <li>
                   1688:     <p>If the state is <a href="#unsent-state" title="UNSENT
                   1689:      state">UNSENT</a> or <a href="#opened-state" title="OPENED
1.241     avankest 1690:      state">OPENED</a> return the empty string and terminate these steps.
1.205     avankest 1691: 
                   1692:    <li>
                   1693:     <p>If the <a href="#error-flag">error flag</a> is true return the empty
                   1694:      string and terminate these steps.
                   1695: 
                   1696:    <li>
1.258     avankest 1697:     <p>Return all the HTTP headers, excluding headers that are a
                   1698:      case-insensitive match for <code>Set-Cookie</code> or
1.260     avankest 1699:      <code>Set-Cookie2</code>, <span title="inflate an byte sequence into a
                   1700:      DOMString">inflated</span>, as a single string, with each header line
                   1701:      separated by a U+000D CR U+000A LF pair, excluding the status line, and
                   1702:      with each header name and header value separated by a U+003A COLON
                   1703:      U+0020 SPACE pair.
1.205     avankest 1704:   </ol>
                   1705: 
                   1706:   <div class=example>
1.252     avankest 1707:    <p>For the following script:</p>
                   1708: 
                   1709:    <pre><code>var client = new XMLHttpRequest();
                   1710: client.open("GET", "narwhals-too.txt", true);
1.205     avankest 1711: client.send();
                   1712: client.onreadystatechange = function() {
                   1713:  if(this.readyState == 2) {
                   1714:   print(this.getAllResponseHeaders());
                   1715:  }
1.252     avankest 1716: }</code></pre>
                   1717: 
                   1718:    <p>The <code>print()</code> function will get to process something like:</p>
1.205     avankest 1719: 
1.252     avankest 1720:    <pre><code>Date: Sun, 24 Oct 2004 04:58:38 GMT
1.205     avankest 1721: Server: Apache/1.3.31 (Unix)
                   1722: Keep-Alive: timeout=15, max=99
                   1723: Connection: Keep-Alive
                   1724: Transfer-Encoding: chunked
                   1725: Content-Type: text/plain; charset=utf-8</code></pre>
                   1726:   </div>
                   1727: 
1.250     avankest 1728:   <h4 id=response-entity-body0><span class=secno>3.7.5. </span>Response
1.248     avankest 1729:    Entity Body</h4>
1.250     avankest 1730: 
                   1731:   <p>The <dfn id=response-mime-type>response MIME type</dfn> is the MIME type
                   1732:    the <code>Content-Type</code> header contains without any parameters or
                   1733:    null if the header could not be parsed properly or was omitted. The <dfn
                   1734:    id=override-mime-type>override MIME type</dfn> is always null. <dfn
                   1735:    id=final-mime-type>Final MIME type</dfn> is the override MIME type unless
                   1736:    that is null in which case it is the response MIME type.
                   1737: 
                   1738:   <p>The <dfn id=response-charset>response charset</dfn> is the value of the
                   1739:    <code>charset</code> parameter of the <code>Content-Type</code> header or
                   1740:    null if there was no <code>charset</code> parameter or if the header could
                   1741:    not be parsed properly or was omitted. The <dfn
                   1742:    id=override-charset>override charset</dfn> is always null. <dfn
                   1743:    id=final-charset>Final charset</dfn> is the override charset unless that
                   1744:    is null in which case it is the response charset.
                   1745: 
                   1746:   <p class=note><a href="#override-mime-type">Override MIME type</a> and <a
                   1747:    href="#override-charset">override charset</a> are introduced here solely
                   1748:    to make editing several levels of XMLHttpRequest simultaneously somewhat
                   1749:    easier. Apologies for any confusion they might cause.
                   1750: 
                   1751:   <hr>
1.205     avankest 1752: 
                   1753:   <p>The <dfn id=response-entity-body>response entity body</dfn> is the
1.257     avankest 1754:    fragment of the <a href="#entity-body">entity body</a> of the response
                   1755:    received so far (<a href="#loading-state" title="LOADING
                   1756:    state">LOADING</a>) or the complete entity body of the response (<a
                   1757:    href="#done-state" title="DONE state">DONE</a>). If the response does not
                   1758:    have an entity body the response entity body is null.
                   1759: 
                   1760:   <p class=note>The <a href="#response-entity-body">response entity body</a>
1.270   ! avankest 1761:    is updated as part of the <a href="#send"><code>send()</code></a>
1.257     avankest 1762:    algorithm.
1.205     avankest 1763: 
                   1764:   <hr>
                   1765: 
                   1766:   <p>The <dfn id=text-response-entity-body>text response entity body</dfn> is
                   1767:    a <code>DOMString</code> representing the <a
1.250     avankest 1768:    href="#response-entity-body">response entity body</a>. The text response
                   1769:    entity body is the return value of the following algorithm:
1.205     avankest 1770: 
                   1771:   <ol>
                   1772:    <li>
1.250     avankest 1773:     <p>If the response entity body is null return the empty string and
                   1774:      terminate these steps.</p>
                   1775: 
                   1776:    <li>
                   1777:     <p>Let <var>charset</var> be the <a href="#final-charset">final
                   1778:      charset</a>.
1.205     avankest 1779: 
                   1780:    <li>
1.250     avankest 1781:     <p>Let <var>mime</var> be the <a href="#final-mime-type">final MIME
                   1782:      type</a>.
1.205     avankest 1783: 
                   1784:    <li>
1.250     avankest 1785:     <p>If <var>charset</var> is null and <var>mime</var> is null,
1.205     avankest 1786:      <code>text/xml</code>, <code>application/xml</code> or ends in <code
1.250     avankest 1787:      title="">+xml</code> use the rules set forth in the XML specifications
                   1788:      to determine the character encoding. Let <var>charset</var> be the
                   1789:      determined character encoding.
1.205     avankest 1790: 
                   1791:    <li>
1.250     avankest 1792:     <p>If <var>charset</var> is null and <var>mime</var> is
                   1793:      <code>text/html</code> follow the rules set forth in the HTML
                   1794:      specification to determine the character encoding. Let
1.205     avankest 1795:      <var>charset</var> be the determined character encoding. [<cite><a
                   1796:      href="#ref-html5">HTML5</a></cite>]
                   1797: 
                   1798:    <li>
                   1799:     <p>If <var>charset</var> is null then, for each of the rows in the
                   1800:      following table, starting with the first one and going down, if the
                   1801:      first bytes of <var>bytes</var> match the bytes given in the first
                   1802:      column, then let <var>charset</var> be the encoding given in the cell in
                   1803:      the second column of that row. If there is no match <var>charset</var>
                   1804:      remains null.</p>
                   1805: 
                   1806:     <table>
                   1807:      <thead>
                   1808:       <tr>
                   1809:        <th>Bytes in Hexadecimal
                   1810: 
                   1811:        <th>Description
                   1812: 
1.239     avankest 1813:      <tbody>
1.205     avankest 1814:       <tr>
                   1815:        <td>FE FF
                   1816: 
                   1817:        <td>UTF-16BE BOM
                   1818: 
                   1819:       <tr>
                   1820:        <td>FF FE
                   1821: 
                   1822:        <td>UTF-16LE BOM
                   1823: 
                   1824:       <tr>
                   1825:        <td>EF BB BF
                   1826: 
1.239     avankest 1827:        <td>UTF-8 BOM
1.205     avankest 1828:     </table>
                   1829: 
                   1830:    <li>
                   1831:     <p>If <var>charset</var> is null let <var>charset</var> be UTF-8.
                   1832: 
                   1833:    <li>
                   1834:     <p>Return the result of decoding the response entity body using
                   1835:      <var>charset</var>. Replace bytes or sequences of bytes that are not
1.250     avankest 1836:      valid accordng to the <var>charset</var> with a single U+FFFD
1.205     avankest 1837:      REPLACEMENT CHARACTER character.
                   1838:   </ol>
                   1839: 
                   1840:   <p class=note>Authors are strongly encouraged to encode their resources
                   1841:    using UTF-8.
                   1842: 
                   1843:   <hr>
                   1844: 
1.250     avankest 1845:   <p>The <dfn id=document-response-entity-body>document response entity
                   1846:    body</dfn> is either a <code>Document</code> representing the <a
                   1847:    href="#response-entity-body">response entity body</a> or null. The
                   1848:    document response entity body is the return value of the following
                   1849:    algorithm:
1.89      avankest 1850: 
1.205     avankest 1851:   <ol>
                   1852:    <li>
                   1853:     <p>If the <a href="#response-entity-body">response entity body</a> is
1.241     avankest 1854:      null terminate these steps and return null.
1.6       avankest 1855: 
1.205     avankest 1856:    <li>
1.250     avankest 1857:     <p>If <a href="#final-mime-type">final MIME type</a> is not null,
                   1858:      <code>text/xml</code>, <code>application/xml</code>, and does not end in
                   1859:      <code title="">+xml</code> terminate these steps and return null.
1.12      avankest 1860: 
1.205     avankest 1861:    <li>
1.268     avankest 1862:     <p>Let <var>document</var> be a <a
                   1863:      href="#cookie-free-document-object">cookie-free <code>Document</code>
                   1864:      object</a> that represents the result of parsing the response entity
                   1865:      body into a document tree following the rules from the XML
                   1866:      specifications. If this fails (unsupported character encoding, namespace
                   1867:      well-formedness error et cetera) terminate these steps return null.
                   1868:      [<cite><a href="#ref-xml">XML</a></cite>]</p>
1.6       avankest 1869: 
1.205     avankest 1870:     <p class=note>Scripts in the resulting document tree will not be
                   1871:      executed, resources referenced will not be loaded and no associated XSLT
                   1872:      will be applied.</p>
1.76      avankest 1873: 
1.205     avankest 1874:    <li>
1.250     avankest 1875:     <p>Return <var>document</var>.
1.205     avankest 1876:   </ol>
1.76      avankest 1877: 
1.250     avankest 1878:   <h4 id=the-responsetext-attribute><span class=secno>3.7.6. </span>The <code
1.205     avankest 1879:    title="">responseText</code> attribute</h4>
1.12      avankest 1880: 
1.205     avankest 1881:   <p>The <dfn id=responsetext><code>responseText</code></dfn> attribute <em
1.219     avankest 1882:    class=ct>must</em> return the result of running these steps:
1.6       avankest 1883: 
1.205     avankest 1884:   <ol>
                   1885:    <li>
                   1886:     <p>If the state is not <a href="#loading-state" title="LOADING
                   1887:      state">LOADING</a> or <a href="#done-state" title="DONE state">DONE</a>
                   1888:      return the empty string and terminate these steps.
1.12      avankest 1889: 
1.205     avankest 1890:    <li>
                   1891:     <p>Return the <a href="#text-response-entity-body">text response entity
                   1892:      body</a>.
                   1893:   </ol>
1.2       avankest 1894: 
1.250     avankest 1895:   <h4 id=the-responsexml-attribute><span class=secno>3.7.7. </span>The <code
1.205     avankest 1896:    title="">responseXML</code> attribute</h4>
1.2       avankest 1897: 
1.205     avankest 1898:   <p>The <dfn id=responsexml><code>responseXML</code></dfn> attribute <em
1.219     avankest 1899:    class=ct>must</em> return the result of running these steps:
1.2       avankest 1900: 
1.205     avankest 1901:   <ol>
                   1902:    <li>
                   1903:     <p>If the state is not <a href="#done-state" title="DONE state">DONE</a>
1.241     avankest 1904:      return null and terminate these steps.
1.2       avankest 1905: 
1.205     avankest 1906:    <li>
1.250     avankest 1907:     <p>Return the <a href="#document-response-entity-body">document response
                   1908:      entity body</a>.
1.205     avankest 1909:   </ol>
1.2       avankest 1910: 
1.250     avankest 1911:   <h2 id=exceptions><span class=secno>4. </span>Exceptions</h2>
1.33      avankest 1912: 
1.139     avankest 1913:   <p>Several algorithms in this specification may result in an exception
                   1914:    being thrown. These exceptions are all part of the group
1.186     avankest 1915:    <code>ExceptionCode</code> and use the <code>DOMException</code> object,
1.139     avankest 1916:    which is defined in DOM Level 3 Core. In addition this specification
                   1917:    extends the <code>ExceptionCode</code> group with several new constants as
1.146     avankest 1918:    indicated below. [<cite><a href="#ref-dom3core">DOM3Core</a></cite>]
1.139     avankest 1919: 
1.194     avankest 1920:   <p class=note>Thus, exceptions used by this specification and not defined
                   1921:    in this section are defined by DOM Level 3 Core.
                   1922: 
1.34      avankest 1923:   <pre
1.139     avankest 1924:    class=idl>const unsigned short <a href="#security-err">SECURITY_ERR</a> = 18;
1.200     avankest 1925: const unsigned short <a href="#network-err">NETWORK_ERR</a> = 19;
                   1926: const unsigned short <a href="#abort-err">ABORT_ERR</a> = 20;</pre>
1.33      avankest 1927: 
1.139     avankest 1928:   <p>The <dfn id=security-err><code>SECURITY_ERR</code></dfn> exception is
                   1929:    raised if an attempt is made to perform an operation or access some data
                   1930:    in a way that would be a security risk or a violation of the user agent's
                   1931:    security policy.</p>
                   1932:   <!-- http://lists.w3.org/Archives/Public/public-webapi/2006May/0027.html -->
                   1933: 
1.35      avankest 1934:   <p>The <dfn id=network-err><code>NETWORK_ERR</code></dfn> exception is
1.139     avankest 1935:    raised when a network error occurs in synchronous requests.
1.122     avankest 1936: 
1.139     avankest 1937:   <p>The <dfn id=abort-err><code>ABORT_ERR</code></dfn> exception is raised
1.122     avankest 1938:    when the user aborts a request in synchronous requests.
                   1939: 
1.242     avankest 1940:   <p class=note>These exceptions will be folded into an update of DOM Level 3
                   1941:    Core in due course, as they are appropriate for other API specifications
1.200     avankest 1942:    as well.
                   1943: 
1.31      avankest 1944:   <h2 class=no-num id=notcovered>Not in this Specification</h2>
                   1945: 
1.144     avankest 1946:   <p><em>This section is non-normative.</em>
1.31      avankest 1947: 
1.73      avankest 1948:   <p>This specification does not include the following features which are
                   1949:    being considered for a future version of this specification:
1.31      avankest 1950: 
                   1951:   <ul>
                   1952:    <li><code>load</code> event and <code>onload</code> attribute;
                   1953: 
                   1954:    <li><code>error</code> event and <code>onerror</code> attribute;
                   1955: 
                   1956:    <li><code>progress</code> event and <code>onprogress</code> attribute;
                   1957: 
                   1958:    <li><code title="">abort</code> event and <code>onabort</code> attribute;
                   1959: 
                   1960:    <li>Timers have been suggested, perhaps an <code>ontimeout</code>
                   1961:     attribute;
                   1962: 
                   1963:    <li>Property to disable following redirects;
                   1964: 
1.32      avankest 1965:    <li><code title="">responseXML</code> for <code>text/html</code>
                   1966:     documents;
1.31      avankest 1967: 
1.205     avankest 1968:    <li>Cross-origin <code title="">XMLHttpRequest</code>;
1.42      avankest 1969: 
1.88      avankest 1970:    <li><code>responseBody</code> to deal with byte streams;
1.42      avankest 1971: 
1.115     avankest 1972:    <li><code>overrideMimeType</code> to fix up MIME types;
                   1973: 
1.88      avankest 1974:    <li><code>getRequestHeader()</code> and
                   1975:     <code>removeRequestHeader()</code>.
1.31      avankest 1976:   </ul>
                   1977: 
1.250     avankest 1978:   <h2 class=no-num id=references>References</h2>
1.2       avankest 1979: 
1.178     avankest 1980:   <p>Unless marked "Non-normative" these references are normative.
                   1981: 
1.7       avankest 1982:   <dl>
1.232     avankest 1983:    <dt>[<dfn id=ref-cookies>COOKIES</dfn>]
1.205     avankest 1984: 
                   1985:    <dd><cite><a href="http://ietf.org/rfc/rfc2109">HTTP State Management
                   1986:     Mechanism</a></cite>, D. Kristol, L. Montulli, editors. IETF, February
                   1987:     1997.
                   1988: 
                   1989:    <dd><cite><a href="http://ietf.org/rfc/rfc2965">HTTP State Management
                   1990:     Mechanism</a></cite>, D. Kristol, L. Montulli, editors. IETF, October
                   1991:     2000.</dd>
                   1992:    <!-- XXX These specs do not match reality. Also, the latter obsoletes the
                   1993:    former -->
                   1994: 
1.156     avankest 1995:    <dt>[<dfn id=ref-dom2events>DOM2Events</dfn>]
                   1996: 
                   1997:    <dd><cite><a href="http://www.w3.org/TR/DOM-Level-2-Events/">Document
1.161     avankest 1998:     Object Model (DOM) Level 2 Events Specification</a></cite>, T. Pixley,
                   1999:     editor. W3C, November 2000.
1.156     avankest 2000: 
1.146     avankest 2001:    <dt>[<dfn id=ref-dom3core>DOM3Core</dfn>]
1.2       avankest 2002: 
1.15      avankest 2003:    <dd><cite><a href="http://www.w3.org/TR/DOM-Level-3-Core">Document Object
                   2004:     Model (DOM) Level 3 Core Specification</a></cite>, A. Le Hors, P. Le
1.140     avankest 2005:     H&eacute;garet, L. Wood, G. Nicol, J. Robie, M. Champion, S. Byrne,
                   2006:     editors. W3C, April 2004.
1.2       avankest 2007: 
1.39      avankest 2008:    <dt>[<dfn id=ref-ecmascript>ECMAScript</dfn>]
1.18      avankest 2009: 
                   2010:    <dd><cite><a
                   2011:     href="http://www.ecma-international.org/publications/standards/Ecma-262.htm">ECMAScript
                   2012:     Language Specification</a></cite>, Third Edition. ECMA, December 1999.
                   2013: 
1.146     avankest 2014:    <dt>[<dfn id=ref-html5>HTML5</dfn>]
1.143     avankest 2015: 
1.252     avankest 2016:    <dd><cite><a href="http://www.w3.org/html/wg/html5/">HTML5</a></cite>
                   2017:     (work in progress), I. Hickson, D. Hyatt, editors. W3C, 2010.
1.172     avankest 2018: 
                   2019:    <dd><cite><a
1.252     avankest 2020:     href="http://www.whatwg.org/specs/html5/current-work/">HTML5</a></cite>
                   2021:     (work in progress), I. Hickson, editor. WHATWG, 2010.
1.18      avankest 2022: 
1.199     avankest 2023:    <dt>[<dfn id=ref-httpverbsec>HTTPVERBSEC</dfn>]
                   2024: 
                   2025:    <dd>(Non-normative) <cite><a
                   2026:     href="http://www.kb.cert.org/vuls/id/867593">Multiple vendors' web
                   2027:     servers enable HTTP TRACE method by default</a></cite>, US-CERT.
                   2028: 
                   2029:    <dd>(Non-normative) <cite><a
                   2030:     href="http://www.kb.cert.org/vuls/id/288308">Microsoft Internet
                   2031:     Information Server (IIS) vulnerable to cross-site scripting via HTTP
                   2032:     TRACK method</a></cite>, US-CERT.
                   2033: 
                   2034:    <dd>(Non-normative) <cite><a
                   2035:     href="http://www.kb.cert.org/vuls/id/150227">HTTP proxy default
                   2036:     configurations allow arbitrary TCP connections</a></cite>, US-CERT.
                   2037: 
1.250     avankest 2038:    <dt>[<dfn id=ref-rfc2046>RFC2046</dfn>]
                   2039: 
                   2040:    <dd><cite><a href="http://ietf.org/rfc/rfc2046">Multipurpose Internet Mail
                   2041:     Extensions (MIME) Part Two: Media Types</a></cite>, N. Freed, N.
                   2042:     Borenstein, editors. IETF, November 1996.
                   2043: 
1.146     avankest 2044:    <dt>[<dfn id=ref-rfc2119>RFC2119</dfn>]
1.15      avankest 2045: 
1.118     avankest 2046:    <dd><cite><a href="http://ietf.org/rfc/rfc2119">Key words for use in RFCs
                   2047:     to Indicate Requirement Levels</a></cite>, S. Bradner. IETF, March 1997.
1.15      avankest 2048: 
1.250     avankest 2049:    <dt>[<dfn id=rfc-rfc2616>RFC2616</dfn>]
1.15      avankest 2050: 
                   2051:    <dd><cite><a href="http://ietf.org/rfc/rfc2616">Hypertext Transfer
                   2052:     Protocol -- HTTP/1.1</a></cite>, R. Fielding, J. Gettys, J. Mogul, H.
1.93      avankest 2053:     Frystyk, L. Masinter, P. Leach, T. Berners-Lee, editors. IETF, June 1999.
1.15      avankest 2054: 
1.39      avankest 2055:    <dt>[<dfn id=ref-rfc2617>RFC2617</dfn>]
1.15      avankest 2056: 
                   2057:    <dd><cite><a href="http://ietf.org/rfc/rfc2617">HTTP Authentication: Basic
1.93      avankest 2058:     and Digest Access Authentication</a></cite>, P. Hallam-Baker, J.
                   2059:     Hostetler, S. Lawrence, P. Leach, A. Luotonen, L. Stewart, editors. IETF,
                   2060:     June 1999.
1.2       avankest 2061: 
1.39      avankest 2062:    <dt>[<dfn id=ref-rfc3986>RFC3986</dfn>]
1.2       avankest 2063: 
1.15      avankest 2064:    <dd><cite><a href="http://ietf.org/rfc/rfc3986">Uniform Resource
                   2065:     Identifier (URI): Generic Syntax</a></cite>, T. Berners-Lee, R. Fielding,
1.188     avankest 2066:     L. Masinter, editors. IETF, January 2005.
                   2067: 
1.250     avankest 2068:    <dt>[<dfn id=ref-rfc3987>RFC3987</dfn>]
                   2069: 
                   2070:    <dd><cite><a href="http://ietf.org/rfc/rfc3987">Internationalized Resource
                   2071:     Identifiers (IRIs)</a></cite>, M. Duerst, M. Suignard, editors. IETF,
                   2072:     January 2005. L. Masinter, editors. IETF, January 2005.
                   2073: 
1.205     avankest 2074:    <dt>[<dfn id=ref-webidl>WebIDL</dfn>]
1.182     avankest 2075: 
1.201     avankest 2076:    <dd><cite><a href="http://dev.w3.org/2006/webapi/WebIDL/">Web
1.252     avankest 2077:     IDL</a></cite> (work in progress), C. McCormack, editor. W3C, 2010.</dd>
                   2078:    <!-- XXX add Sam -->
1.182     avankest 2079: 
1.43      avankest 2080:    <dt>[<dfn id=ref-xml>XML</dfn>]
                   2081: 
                   2082:    <dd><cite><a href="http://www.w3.org/TR/xml/">Extensible Markup Language
1.205     avankest 2083:     (XML) 1.0 (Fifth Edition)</a></cite>, T. Bray, J. Paoli, C.
                   2084:     Sperberg-McQueen, E. Maler, F. Yergeau, editors. W3C, November 2008.
1.43      avankest 2085: 
                   2086:    <dd><cite><a href="http://www.w3.org/TR/xml-names/">Namespaces in XML
1.258     avankest 2087:     (Third Edition)</a></cite>, T. Bray, D. Hollander, A. Layman, R. Tobin,
                   2088:     H. S. Thompson, editors. W3C, December 2009.
1.2       avankest 2089:   </dl>
                   2090: 
1.131     avankest 2091:   <h2 class=no-num id=acknowledgments>Acknowledgments</h2>
1.2       avankest 2092: 
1.164     avankest 2093:   <p>The editor would like to thank Addison Phillips, Ahmed Kamel, Alex
                   2094:    Hopmann, Alex Vincent, Alexey Proskuryakov, Asbj&oslash;rn Ulsberg, Boris
                   2095:    Zbarsky, Bj&ouml;rn H&ouml;hrmann, Cameron McCormack, Christophe Jolif,
1.250     avankest 2096:    Charles McCathieNevile, Dan Winship, David Andersson, David
                   2097:    H&aring;s&auml;ther, David Levin, Dean Jackson, Denis Sureau, Doug
                   2098:    Schepers, Douglas Livingstone, Elliotte Harold, Eric Lawrence, Erik
                   2099:    Dahlstr&ouml;m, Geoffrey Sneddon, Gideon Cohn, Gorm Haug Eriksen,
                   2100:    H&aring;kon Wium Lie, Hallvord R. M. Steen, Huub Schaeks, Ian Davis, Ian
                   2101:    Hickson, Ivan Herman, Jeff Walden, Jens Lindstr&ouml;m, Jim Deegan, Jim
                   2102:    Ley, Joe Farro, Jonas Sicking, Julian Reschke, Karl Dubost, Lachlan Hunt,
                   2103:    Maciej Stachowiak, Magnus Kristiansen, Marc Hadley, Marcos Caceres, Mark
                   2104:    Baker, Mark Birbeck, Mark Nottingham, Martin Hassman, Mohamed Zergaoui,
1.266     avankest 2105:    Olli Pettay, Pawel Glowacki, Peter Michaux, Philip Taylor, Robin Berjon,
                   2106:    Rune Halvorsen, Ruud Steltenpool, Simon Pieters, Stewart Brodie, Sunava
                   2107:    Dutta, Thomas Roessler, Tom Magliery, and Zhenbin Xu for their
                   2108:    contributions to this specification.
1.2       avankest 2109: 
                   2110:   <p>Special thanks to the Microsoft employees who first implemented the
1.144     avankest 2111:    <code title="">XMLHttpRequest</code> interface, which was first widely
                   2112:    deployed by the Windows Internet Explorer browser.
1.2       avankest 2113: 
1.56      avankest 2114:   <p>Special thanks also to the WHATWG for drafting an initial version of
1.131     avankest 2115:    this specification in their Web Applications 1.0 document (now renamed to
1.252     avankest 2116:    HTML5). [<cite><a href="#ref-html5">HTML5</a></cite>]
1.2       avankest 2117: 
                   2118:   <p>Thanks also to all those who have helped to improve this specification
                   2119:    by sending suggestions and corrections. (Please, keep bugging us with your
                   2120:    issues!)

Webmaster