Use XHR + POST for request if CORS supported #420
Conversation
| function makeRequest(opts) { | ||
| var hasCORS = | ||
| 'withCredentials' in new XMLHttpRequest() || | ||
| typeof XDomainRequest !== 'undefined'; |
There was a problem hiding this comment.
I'm not an expert here, so lemme get this straight:
- You're checking for either
XMLHttpRequestthat has the proper support. IsXMLHttpRequestguaranteed to exist? I assume if it's undefined, we'll have an issue callingnew XMLHttpRequest() - Then falling back to checking for
XDomainRequest, which is IE specific. This is great, but then insidemakeXhrRequest,XDomainRequestisn't used or even attempted to be used. So it's not clear to me what good this check is doing.
There was a problem hiding this comment.
Is XMLHttpRequest guaranteed to exist?
Realistically – yes, unless someone has removed it (e.g. the host page or a browser extension).
But I'll add the check.
Then falling back to checking for XDomainRequest, which is IE specific. This is great, but then inside makeXhrRequest, XDomainRequest isn't used or even attempted to be used. So it's not clear to me what good this check is doing.
Yep, that was a mistake.
There was a problem hiding this comment.
Realistically – yes, unless someone has removed it (e.g. the host page or a browser extension)
What about the IE case though since they use XDomainRequest? Or do I misunderstand this?
There was a problem hiding this comment.
What about the IE case though since they use XDomainRequest?
The XMLHttpRequest object still exists, and can be safely queried for presence of withCredentials.
There was a problem hiding this comment.
Ah, ok. I see. IE's XMLHttpRequest object just isn't capable of issuing a CORS request.
|
I've tested / verified the latest version with a grab bag of browsers:
|
Fixes #412