Monday, 15 June 2015

javascript - Ajax: How to know if a user script implementation doesn't set the Origin header? -



javascript - Ajax: How to know if a user script implementation doesn't set the Origin header? -

some user script implementations (like google chrome) allow direct cross ajax requests, others don't, , utilize same origin policy restrictions. here's part of code:

/* * size of file. * @button current button downloading video. * @url http url of video. */ function setfilesize(button, url) { var ajax = new xmlhttprequest(); ajax.onloadend = function () { getresolution(button, url, ' - ' + (parseint(this.getresponseheader("content-length")) / 1048576).tofixed(3) + ' mo') } ajax.open('head', url, true); // <-- head allow info of headers. ajax.send(null); } /* * retrieve width , height mpeg-4 file. * width , height stored float values, width come next height within binary data. * there no fixed place in file. method them @ 10 bytes before "mdia". */ function getresolution(button, url, filesize) { var ajax = new xmlhttprequest(); ajax.onloadend = function () { var metadata = new dataview(this.response); (i = 0;(i < metadata.bytelength) && (metadata.getuint32(i) != 0x6d646961); += 32) {} // 0x6d646961="mdia" button.setattribute('title', metadata.getuint32(i - 14) + 'x' + metadata.getuint32(i - 10) + filesize); } ajax.responsetype = 'arraybuffer'; // want handle binary data. ajax.open('get', url, true); // <-- 'false' have been deprecated. ajax.setrequestheader('range', 'bytes=181-300'); // proceed partial download. ajax.send(null); }

the result server (https://cors-anywhere.herokuapp.com/) sends 400 error telling theoriginheader missing. browsers doesn't allows set theoriginheader quick , dirty hack set customx-requested-with. if old browser set theoriginheader correctly, create duplicate ofx-requested-with. here's code :

ajax.setrequestheader('x-requested-with', document.domain); // chrome doesn't back upwards setting 'origin' header automatically.

i can't utilize try statements since synchronous ajax requests got deprecated nor can set origin header. so, how can know if browser doesn't set particular header?

javascript ajax http-headers userscripts

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)