Odd behaviour with XMLHttpRequest

[Yansky]

This just doesn't make sense. If I run the code below on this page

in my browser, it follows the
redirect to the new location.

var vidID = document.URL.split("v=")[1].split("&")[0];
var pD = document.getElementById('movie_player');
var fv = pD.getAttribute('flashvars')
var srcWithT = 'http://'+document.domain+'/get_video?video_id='+vidID
+'&t='+fv.split("t=")[1].split("&")[0];

var httpRequest = new XMLHttpRequest();

httpRequest.open("GET", srcWithT, true);
httpRequest.send(null);

httpRequest.onreadystatechange = function() {

if(httpRequest.readyState == 4){

alert(httpRequest.getAllResponseHeaders())

}

};

That shouldn't happen. The same-domain restriction is supposed to
prevent that isn't it?

 

[Yansky]

Yansky said the following on 1/26/2008 9:20 PM:

This just doesn't make sense. If I run the code below on this page

my browser, it follows the
redirect to the new location.

var vidID = document.URL.split("v=")[1].split("&")[0];
var pD = document.getElementById('movie_player');
var fv = pD.getAttribute('flashvars')
var srcWithT = 'http://'+document.domain+'/get_video?video_id='+vidID
+'&t='+fv.split("t=")[1].split("&")[0];

var httpRequest = new XMLHttpRequest();

httpRequest.open("GET", srcWithT, true);
httpRequest.send(null);

httpRequest.onreadystatechange = function() {

if(httpRequest.readyState == 4){



That shouldn't happen. The same-domain restriction is supposed to
prevent that isn't it?

Where are you "running the code below" on the youtube page? From the
location bar? What happens in the location bar has nothing to do with
cross-domain issues.

--
Randy
Chance Favors The Prepared Mind
comp.lang.javascript FAQ -http://jibbering.com/faq/index.html
Javascript Best Practices -http://www.JavascriptToolbox.com/bestpractices/

Ah yes, I see. When I insert the code into the page as a script, the
same-domain restriction is applied.


var xhrScript = document.createElement('script');
xhrScript.type = "text/javascript";

xhrScript.innerHTML = "var vidID = document.URL.split('v=')
[1].split('&')[0];"+
"var pD = document.getElementById('movie_player');"+
"var fv = pD.getAttribute('flashvars');"+
"var srcWithT = 'http://'+document.domain+'/get_video?
video_id='+vidID+'&t='+fv.split('t=')[1].split('&')[0];"+
"var httpRequest = new XMLHttpRequest();"+

"httpRequest.onreadystatechange = function() { "+
"if(httpRequest.status == 303){"+
"var respHed = httpRequest.getResponseHeader('Location');"+

"if(respHed.indexOf('cache.googlevideo.com') > -1){"+

"respHed =
'http://'+httpRequest.getResponseHeader('Location').split('&origin=')
[1]+'/get_video?video_id='+vidID;"+

"}"+
"
alert(httpRequest.getResponseHeader('Location'));"+

"}"+

"};"+


"httpRequest.open('HEAD', srcWithT, true);"+
"httpRequest.send(null);";

document.getElementsByTagName('body')[0].appendChild(xhrScript);