Cross-Site XMLHttpRequest in Firefox 3


Over at John Resig's blog (you may know John from his work on jQuery) he has an interesting post about using the XMLHttpRequest object to get cross-domain data without a cross-domain proxy in Firefox 3 (currently in beta). The built-in cross-site XMLHttpRequest feature is new to Firefox 3.

Below is an excerpt from John's post.

In a nutshell, there are two techniques that you can use to achieve your desired cross-site-request result: Specifying a special Access-Control header for your content or including an access-control processing instruction in your XML.
More information can be found in the documentation but here's a quick peek at what your code might look like:
An HTML document (served via PHP) that specifies an Access-Control header: (Demo - FF3 Only)

<?php header('Access-Control: allow <*>'); ?>
<b>John Resig</b>

An XML document that specifies an access-control processing instruction: (Demo - FF3 Only)

<?xml version="1.0" encoding="UTF-8"?>

<?access-control allow="*"?>
<simple><name>John Resig</name></simple>

Now what's especially nice about all this is that you don't have to change a single line of your client-side code to make this work! Take, for example, this page which requests an HTML file from a remote domain - and, specifically, the JavaScript within it:

var xhr = new XMLHttpRequest();"GET", "", true);

xhr.onreadystatechange = function(){
  if ( xhr.readyState == 4 ) {

    if ( xhr.status == 200 ) {
      document.body.innerHTML = "My Name is: " + xhr.responseText;

    } else {
      document.body.innerHTML = "ERROR";


You can read John's full post here.

As a person that loves the powers of web services from different domains (one thing I love about JSON is that by using DOM manipulation to load the code you can get around cross-domain issues without the overhead of a server side proxy) I hope that this feature catches on with more browsers as new versions of each browser is released so that it would have cross-browser support.

[...] Original post by Ajaxonomy - The Study of Ajax and Other Interesting Web Technologies [...]

It is not supported anymore in the latest release of FF3 build 5

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <pre> <div> <blockquote> <object> <embed> <img> <param>
  • Lines and paragraphs break automatically.
  • Web page addresses and e-mail addresses turn into links automatically.

More information about formatting options

This question is for testing whether you are a human visitor and to prevent automated spam submissions.
Copy the characters (respecting upper/lower case) from the image.