Cross-site HTTP requests

Cross-site HTTP requests are HTTP requests at URL addresses other than the domain of the resource making the request. The CORS specification allows the server side (that returns the resource we try to retrieve using the XHR object) to serve the resource to requests coming from resources that were served from other domains.

According to the CORS specification the server side that returns the requested resource can return the Access-Control-Allow-Origin header in order to specify domains that it will possible to initiate the request from resources they served.

The following code sample includes two files. The first is an HTML file that includes code in JavaScript that uses the XHR object in order to send an HTTP request at a URL address of another domain from which the HTML file is served.

<!DOCTYPE html>
<html>
<head>
    <title>simple demo for http access control</title>
</head>
<body>
    <div id="result"></div>
    <script type="text/javascript">
        var xhr = new XMLHttpRequest();
        xhr.open("GET","http://www.abelski.com/courses/ajax/data.php",true);
        xhr.onreadystatechange = function()
        {
            if((xhr.readyState==4) && (xhr.status = 200))
            {
                var ob = JSON.parse(xhr.responseText);
                var str = "name="+ob.name+" id="+ob.id+" average="+ob.average;
                var node = document.getElementById("result");
                node.innerHTML = str;
            }
        };
        xhr.send();
    </script>
</body>
</html>

The second file is a PHP file that its output is in the JSON format. The PHP file returns its output together with the HTTP header Access-Control-Allow-Origin.

<?php
header("Access-Control-Allow-Origin: http://localhost:8888");
?>
{
    "name":"dave",
    "id":123123,
    "average":94
}
?>

The following video clip overviews this code sample, shows its execution and explains each and every part it includes.

You can find more code samples, video clips and training material for learning this topic in my free online courses website at http://abelski.lifemichael.com.

Share:

The Visitor Design Pattern

The Visitor Design Pattern

The visitor design pattern allows us to add operations to objects that already exist without modifying their classes and without extending them.

What are Anti Patterns?

Anti Patterns

Unlike design patterns, anti patterns just seem to be a solution. However, they are not a solution and they cause additional costs.

Virtual Threads in Java Professional Seminar

Virtual Threads in Java

The use of virtual threads can assist us with improving the performance of our code. Learn how to use virtual threads effectively.

NoSQL Databases Courses, Seminars, Consulting, and Development

MongoDB Design Patterns Meetup

The use of MongoDB involves with various cases in which we can overcome performance issues by implementing specific design patterns.

image of woman and database

Record Classes in Java

Learn how to define record classes in Java, and when to use record classes in your code. Stay up to date with the new Java features.

Accessibility | Career | Conferences | Design Patterns | JavaScript | Meetups | PHP | Podcasts | Python | Self Learning

Teaching Methodologies | Fullstack | C++ | C# | CSS | Node.js | Angular | Java | Go | Android | Kotlin | Swift | Academy

Front End Development | Scala | Architectures | Cloud | Big Data | Internet of Things | Kids Learn Programming

The Beauty of Code

Coding is Art! Developing Code That Works is Simple. Develop Code with Style is a Challenge!

Skip to content Update cookies preferences