14 DAY TRIAL // Internet Explorer 8 cross domain capabilities are stuck, at least for the time being, with XDomainRequest. Microsoft is, of course, hard at work hammering on the Beta 2 for IE8, but also on expanding the cross domain scenarios that the browser will allow for AJAX developers. With Beta 1, Internet Explorer 8 delivers XdomainRequest, but Sunava Dutta, Microsoft AJAX Program Manager revealed that the software giant is also considering additional proposals and implementations with a strong focus on XMLHttpRequest.
"While XDomainRequest is focused on enabling anonymous access of third party public data, Cross Site XMLHttpRequest has added functionality and consequently enables a broader set of scenarios that may appeal to the developer who may choose to use cross domain authentication and access control among other features. As can be expected with securing a large cross section of cross domain scenarios, a number of concerns have been identified with the CS-XHR draft by the web development community, the IE team members and members of the Web Apps Working Group," Dutta explained.
The Cross Site XMLHttpRequest (CS-XHR) draft specification is a project from the W3C's Web Applications Working Group. However, the specification suffers in terms of security. In fact, Dutta has made a call to members of the web development community to provide input on XMLHttpRequest, informing that plans are in place to deliver support with Internet Explorer, but failing to point to a specific version of the browser.
"For a list of our recent feedback on security on CS-XHR and our take on important security principles in cross domain, please read our Security Whitepaper on Cross Domain. The paper also covers best practices and guidance for developers who will choose to build on the current draft if it's supported by a future browser. Note that issues here are currently being discussed and some concerns may be mitigated as the draft evolves," Dutta stated.
In this context, Microsoft is working to expand client side cross domain request beyond what it is already offering with Cross Document Messaging. Still, Internet Explorer 8 comes only with the XDomainRequest for AJAX developers that want to take advantage of cross domain public data.