...or, 'How to Make One-Way Cross-Domain POST Requests with XMLHttpRequest'.
Most developers know about the same-origin policy when it comes to Ajax requests using XMLHttpRequest (XHR). Essentially, it means that an XHR request from the hosting domain cannot be made to any other domain. In fact, it is even stricter than other scripting and cookie policies in that it can't even be used across subdomains of the same domain.
"Great," I hear you say, "what good is it if we can't read the response?" Well, for plain-Jane Ajax stuff where you are making requests to return JSON or HTML to update the page dynamically, it really isn’t useful at all. "And besides, we can already use JSONP and <iframes> and dynamic <script> tags to do cross-domain requests," you argue. True, but those techniques only allow GET requests – this cross-domain XHR request allows the full set of HTTP methods, including POST, so you can post form data using this technique.
And although the response is off-limits, we *can* get some indication of the result of the request. The .status property is not allowed, but the .statusText property is, sometimes, allowed. Why sometimes? I don’t know for sure, but in Firefox, if the request succeeds and returns a 200 OK response, the .statusText can be read and returns 'OK'. (Conversely, if a 404 response is generated, the .statusText property cannot even be read and throws an exception). So you can at least determine if your request made it to its destination and was successfully processed or not.
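The send-and-probe pattern described above, as an added example that is not code from the original post. The names `postOneWay`, `encodeForm` and `makeFakeXhr` are hypothetical, and the stub only models the Firefox behaviour the post reports so the logic can be exercised outside a browser.

```javascript
// Added example. XhrCtor is injected: pass XMLHttpRequest in a browser.
function encodeForm(fields) {
  return Object.keys(fields)
    .map((k) => encodeURIComponent(k) + '=' + encodeURIComponent(fields[k]))
    .join('&');
}

// Sends a one-way POST and reports 'accepted' only when statusText is
// readable and equals 'OK'; every other outcome is 'unknown'.
function postOneWay(XhrCtor, url, fields, done) {
  const xhr = new XhrCtor();
  let finished = false;
  const finish = (outcome) => {
    if (!finished) { finished = true; done(outcome); }
  };
  xhr.open('POST', url, true);
  // Form encoding keeps this a "simple" request, so no preflight is sent.
  xhr.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
  xhr.onreadystatechange = function () {
    if (xhr.readyState !== 4) return;
    let text;
    try {
      text = xhr.statusText; // can throw for a cross-domain response
    } catch (e) {
      return finish('unknown');
    }
    finish(text === 'OK' ? 'accepted' : 'unknown');
  };
  xhr.onerror = () => finish('unknown');
  xhr.send(encodeForm(fields));
  return xhr;
}

// Constructed stub of the behaviour the post reports for Firefox:
// statusText reads 'OK' after a 200 and throws after any other status.
function makeFakeXhr(httpStatus) {
  return function FakeXhr() {
    this.readyState = 0;
    this.open = (method, url) => { this.method = method; this.url = url; };
    this.setRequestHeader = () => {};
    Object.defineProperty(this, 'statusText', {
      get() {
        if (httpStatus !== 200) throw new Error('access denied');
        return 'OK';
      },
    });
    this.send = (body) => { this.body = body; this.readyState = 4; this.onreadystatechange(); };
  };
}
```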
So what is it all good for? You can make fire-and-forget requests (a sort of web-based UDP protocol) where the responses don’t matter. Or you could have a backend system or API that only accepts data (think: analytics tracking service or notification service like notify.io). These might not be earth-shattering ideas, but I thought it was an interesting scenario to consider.
Anyway, maybe everybody already knew this except me and I am just years behind the times. But if not, maybe this will help someone out there who is looking for a creative solution to their problem.
* - Why yahoo.com? google.com doesn't allow POST requests and I didn’t want the 405 Method Not Allowed response to confuse people.