Tuesday, August 1st, 2006

Cross Domain XHR with Dojo

Category: Dojo

The Dojo Toolkit can now do cross domain XHR using an iframe proxy.

There is detailed documentation here thanks to James Burke.



  1. dojo.require("dojo.io.*");
  2. dojo.require("dojo.io.XhrIframeProxy");
  4. dojo.io.bind({
  5.     iframeProxyUrl: "http://some.domain.com/path/to/xip_server.html",
  6.     url: "http:/some.domain.com/path/to/api",
  7.     load: function(type, data, evt, kwArgs){
  8.         /* do stuff with the result here */
  9.     }
  10. });

Posted by Dion Almaer at 10:53 am

3.4 rating from 33 votes


Comments feed TrackBack URI

Now this is the stuff dreams are made of.

Comment by Ken Fehling — August 1, 2006

That is quite neat. No immediately obvious XSS holes, too!

Comment by Neftaly Hernandez — August 1, 2006

Technically interesting, but completely slow and impractical technique. Chopping up data into URL sized fragments, encoding it, decoding it and reassembling it? Fine for less than 1K of data, but for AJAX applications with large datasets (250K+), it’s not practical.

Comment by zorba magnifico — August 1, 2006


Im trying to make an application to read a text file located on a different domain

for the example code above:
i put
iframeProxyUrl: “http://svn.dojotoolkit.org/dojo/trunk/src/io/xip_server.html”,

url: “http:/some.domain.com/path/to/api”
what would be an example of a path to api? is it the path to the text file i want to read? pleas help!

any help appreciated.

Comment by john — September 25, 2006

john: in your example, the xip_server.html file needs to be placed somewhere under the some.domain.com domain. Note that there is another file you need to implement, isAllowed.js, and that file needs to be in the same directory as xip_server.html on the some.domain.com domain. See xip_server.html for more info on isAllowed.js. Feel free to contact the dojo-interest list if you need more help.

Comment by James — September 26, 2006

Does it mean i can set url to any finalurl what i want
I tried this


it gives me an “uncaught exception: XmlHttpRequest.open pemmision denied”

Comment by Joshua — April 24, 2007

No, you cannot set the destination URL to just any server. If that was possible, that would be a serious security breach. The server you are trying contact has to host the xip_server.html file and allow your request in that file’s configuration.

Comment by James — April 26, 2007

I’m relatively new to Ajax and Dojo can someone explain what load: function(type, data, evt, kwArgs) these are? appreicate if a simple example is provided.

Comment by jaxson — March 31, 2008

Leave a comment

You must be logged in to post a comment.