I had to hack the new prototype.js 1.5.0 release to revert to the 1.4 getTransport() order. The problem: IE7’s “native” XMLHttpRequest method won’t play nice with a <base> tag whose domain value is different than the domain value of the page’s URL.
Example:
url:
http://flop.net/bar.html
with:
<base href="http://foo.com/" />
then IE7 new XMLHttpRequest() for
'http://flop.net/ajax'
throws access denied error.
However, this works:
url:
http://flop.net/bar.html
with:
<base href="http://flop.net/">
then IE7 new XMLHttpRequest() for
'http://flop.net/ajax'
So we just revert to using ActiveX (the original Microsoft version for remote transport).
I see that YUI checks for transport the same way. So I expect their’s will break with IE7 too.
Here’s the diff:
var Ajax = {
getTransport: function() {
return Try.these(
- function() {return new XMLHttpRequest()},
function() {return new ActiveXObject('Msxml2.XMLHTTP')},
- function() {return new ActiveXObject('Microsoft.XMLHTTP')}
+ function() {return new ActiveXObject('Microsoft.XMLHTTP')},
+ function() {return new XMLHttpRequest()}
) || false;
},
I assume Microsoft changed this behaviour in IE7 in the name of security, but it is still a royal PITA.
Did I just miss the warning signs?
I don’t really see how this ‘security’ precaution actually makes anything more secure. If anything, in my case, not using the ‘base’ tag means my HTML would be lots more verbose, since I would need to specify the URL in every href link.