{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 Rolldiameter 的问题《cross-origin header in IE8/IE9》','https://www.manongdao.com/q-484962.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
Since jQuery ajax ist not working for CORS/IE, I'm using XDomainRequest to retreive data from another Server. Work's fine, but I would like to send some header ('Authentification', 'content-type').
Is there a chance to add/change header in XDomainRequest?
Or does someone know a workaround?
This is what we did for IE.
If you have control over the target domain, host a (static) html file there. Include the html using the iframe.
Now this iframe does actually have access to the local domain, so you can communicate between the parent and child frame to get what you need.
This worked much better than XDomainRequest for us.
window.postMessage is the best way to setup the communication:
But I'm pretty sure that only started working since IE8. If you require older browsers as well, you must use a different hack.
In our case, this was our 3-layer system:
All of these options work well, are reliable and didn't feel too much like a hack. The secondary fallback was barely ever used.
Keep in mind that the 'Authentication' header specifically is special, and I would not be shocked that that's blocked under certain circumstances anyway. We added a custom header 'X-Authenticate' as it did pass through all the time.
IE's XDomainRequest does not allow custom headers to be set. See item #3 here: http://blogs.msdn.com/b/ieinternals/archive/2010/05/13/xdomainrequest-restrictions-limitations-and-workarounds.aspx The XDomainRequest object is locked down to the point where it is difficult to make authenticated requests.