XMLHttpRequest Level 1 and Level 2 and CORS

 

Web follows same-origin policy. User-agent tries to protect the
interaction between multiple origin. If you want to learn more about
the origin, you should read the specification.
http://tools.ietf.org/html/draft-ietf-websec-origin-06

Early web always tries to interact only with the same domain.
Nowadays web tries to interact with multiple web sites.

When we learn about Cross domain requests in web, we tend to
see many specifications.
    http://dev.w3.org/2006/webapi/XMLHttpRequest/
    http://dev.w3.org/2006/webapi/XMLHttpRequest-2/
    http://dvcs.w3.org/hg/cors/raw-file/tip/Overview.html

As a web developer we always tries to understand the differences/similarities
between these specifications. I tried to google it for that
but i didn’t get the exact information that helps me to fill that gap.

To put it blindly…
    XMLHttpRequest Level 1 and Level 2 are API specification
    CORS is an general specification for Cross domain requests.

So how XMLHttpRequest Level 1 and Level 2 are different ?
    With XMLHttpRequest Level 1 API we can make only same-origin requests.
    With XMLHttpRequest Level 2 API we can make both same-origin and Cross-domain requests.

CORS enables XMLHttpRequest Level 2 API to make cross-domain requests.

Advertisements
This entry was posted in Web and tagged , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s