--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/xhr-1/TR/Overview.html Tue Jan 28 12:47:35 2014 +0900
@@ -0,0 +1,2815 @@
+<!DOCTYPE html><html lang="en-US"><head>
+ <meta charset="utf-8">
+ <title>XMLHttpRequest Level 1</title>
+ <style>
+ pre.idl { border:solid thin; background:#eee; color:#000; padding:0.5em }
+ pre.idl :link, pre.idl :visited { color:inherit; background:transparent }
+ pre code { color:inherit; background:transparent }
+ .example { margin-left:1em; padding-left:1em; border-left:double; color:#222; background:#fcfcfc }
+ .note { margin-left:2em; font-weight:bold; font-style:italic; color:#008000 }
+ p.note::before { content:"Note: " }
+ .XXX { padding:.5em; border:solid #f00 }
+ p.XXX::before { content:"Issue: " }
+ dl.switch { padding-left:2em }
+ dl.switch > dt { text-indent:-1.5em }
+ dl.switch > dt:before { content:'\21AA'; padding:0 0.5em 0 0; display:inline-block; width:1em; text-align:right; line-height:0.5em }
+ dl.domintro { color: green; margin: 2em 0 2em 2em; padding: 0.5em 1em; border: none; background: #DDFFDD; }
+ dl.domintro dt, dl.domintro dt * { color: black; text-decoration: none; }
+ dl.domintro dd { margin: 0.5em 0 1em 2em; padding: 0; }
+ dl.domintro dd p { margin: 0.5em 0; }
+ dl.domintro:before { display: table; margin: -1em -0.5em -0.5em auto; width: auto; content: 'This box is non-normative. Implementation requirements are given below this box.'; color: red; border: solid 2px; background: white; padding: 0 0.25em; }
+ em.ct { text-transform:lowercase; font-variant:small-caps; font-style:normal }
+ dfn { font-weight:bold; font-style:normal }
+ code { color:orangered }
+ code :link, code :visited { color:inherit }
+ hr:not(.top) { display:block; background:none; border:none; padding:0; margin:2em 0; height:auto }
+ table { border-collapse:collapse; border-style:hidden hidden none hidden }
+ table thead { border-bottom:solid }
+ table tbody th:first-child { border-left:solid }
+ table td, table th { border-left:solid; border-right:solid; border-bottom:solid thin; vertical-align:top; padding:0.2em }
+ </style>
+ <link href="https://www.w3.org/StyleSheets/TR/W3C-WD" rel="stylesheet">
+ </head>
+ <body>
+ <div class="head">
+
+<!--begin-logo-->
+<p><a href="http://www.w3.org/"><img alt="W3C" height="48" src="https://www.w3.org/Icons/w3c_home" width="72"></a></p>
+<!--end-logo-->
+
+
+ <h1 class="head" id="xmlhttprequest-ls">XMLHttpRequest Level 1</h1>
+
+ <h2 class="no-num no-toc" id="w3c-doctype">W3C Working Draft 28 January 2014</h2>
+
+ <dl>
+ <dt>This Version:</dt>
+ <dd class="publish"><a href="http://www.w3.org/TR/2014/WD-XMLHttpRequest-20140128/">http://www.w3.org/TR/2014/WD-XMLHttpRequest-20140128/</a></dd>
+
+ <dt class="publish">Latest Version:</dt>
+ <dd class="publish"><a href="http://www.w3.org/TR/XMLHttpRequest/">http://www.w3.org/TR/XMLHttpRequest/</a></dd>
+
+ <dt class="publish">Latest Editor Draft:</dt>
+ <dd class="publish"><a href="http://dvcs.w3.org/hg/xhr/xhr-1/raw-file/tip/Overview.html">http://dvcs.w3.org/hg/xhr/xhr-1/raw-file/tip/Overview.html</a></dd>
+
+ <dt>Previous Versions:</dt>
+ <dd><a href="http://www.w3.org/TR/2012/WD-XMLHttpRequest-20121206/">http://www.w3.org/TR/2012/WD-XMLHttpRequest-20121206/</a></dd>
+ <dd><a href="http://www.w3.org/TR/2012/WD-XMLHttpRequest-20120117/">http://www.w3.org/TR/2012/WD-XMLHttpRequest-20120117/</a></dd>
+ <dd><a href="http://www.w3.org/TR/2011/WD-XMLHttpRequest2-20110816/">http://www.w3.org/TR/2011/WD-XMLHttpRequest2-20110816/</a></dd>
+ <dd><a href="http://www.w3.org/TR/2010/WD-XMLHttpRequest2-20100907/">http://www.w3.org/TR/2010/WD-XMLHttpRequest2-20100907/</a></dd>
+ <dd><a href="http://www.w3.org/TR/2009/WD-XMLHttpRequest2-20090820/">http://www.w3.org/TR/2009/WD-XMLHttpRequest2-20090820/</a></dd>
+ <dd><a href="http://www.w3.org/TR/2008/WD-XMLHttpRequest2-20080930/">http://www.w3.org/TR/2008/WD-XMLHttpRequest2-20080930/</a></dd>
+ <dd><a href="http://www.w3.org/TR/2008/WD-XMLHttpRequest2-20080225/">http://www.w3.org/TR/2008/WD-XMLHttpRequest2-20080225/</a></dd>
+ <dd><a href="http://www.w3.org/TR/2007/WD-XMLHttpRequest-20071026/">http://www.w3.org/TR/2007/WD-XMLHttpRequest-20071026/</a>
+ <dd><a href="http://www.w3.org/TR/2007/WD-XMLHttpRequest-20070618/">http://www.w3.org/TR/2007/WD-XMLHttpRequest-20070618/</a>
+ <dd><a href="http://www.w3.org/TR/2007/WD-XMLHttpRequest-20070227/">http://www.w3.org/TR/2007/WD-XMLHttpRequest-20070227/</a>
+ <dd><a href="http://www.w3.org/TR/2006/WD-XMLHttpRequest-20060927/">http://www.w3.org/TR/2006/WD-XMLHttpRequest-20060927/</a>
+ <dd><a href="http://www.w3.org/TR/2006/WD-XMLHttpRequest-20060619/">http://www.w3.org/TR/2006/WD-XMLHttpRequest-20060619/</a>
+ <dd><a href="http://www.w3.org/TR/2006/WD-XMLHttpRequest-20060405/">http://www.w3.org/TR/2006/WD-XMLHttpRequest-20060405/</a>
+
+ <dt>Editor:</dt>
+ <dd><a href="http://annevankesteren.nl/">Anne van Kesteren</a>,
+ <a href="http://www.mozilla.org/">Mozilla</a> (Upstream WHATWG version)
+ </dd>
+ <dd><a href="http://jaubourg.net/">Julian Aubourg</a>,
+ <a href="http://www.creative-area.net/">Creative Area</a>
+ </dd>
+ <dd><a href="mailto:jungkee.song@samsung.com">송정기 (Jungkee Song)</a>,
+ <a href="http://www.samsung.com/sec/">Samsung Electronics</a>
+ </dd>
+ <dd><a href="http://www.hallvord.com/">Hallvord R. M. Steen</a>,
+ <a href="http://www.mozilla.org/">Mozilla</a>
+ </dd>
+ </dl>
+ </div>
+
+<div class="w3conly">
+<!--begin-copyright-->
+<p class="copyright"><a href="http://www.w3.org/Consortium/Legal/ipr-notice#Copyright">Copyright</a> © 2014 <a href="http://www.w3.org/"><abbr title="World Wide Web Consortium">W3C</abbr></a><sup>®</sup> (<a href="http://www.csail.mit.edu/"><abbr title="Massachusetts Institute of Technology">MIT</abbr></a>, <a href="http://www.ercim.eu/"><abbr title="European Research Consortium for Informatics and Mathematics">ERCIM</abbr></a>, <a href="http://www.keio.ac.jp/">Keio</a>, <a href="http://ev.buaa.edu.cn/">Beihang</a>), All Rights Reserved. W3C <a href="http://www.w3.org/Consortium/Legal/ipr-notice#Legal_Disclaimer">liability</a>, <a href="http://www.w3.org/Consortium/Legal/ipr-notice#W3C_Trademarks">trademark</a> and <a href="http://www.w3.org/Consortium/Legal/copyright-documents">document use</a> rules apply.</p>
+<!--end-copyright--></div>
+
+
+
+ <hr class="top">
+
+
+<div class="publish"><!-- publication version -->
+ <h2 class="no-num no-toc" id="specabstract">Abstract</h2>
+
+ <p>The XMLHttpRequest specification defines an API that provides scripted
+ client functionality for transferring data between a client and a server.
+
+ <h2 class="no-num no-toc" id="sotd">Status of this Document</h2>
+
+ <p><em>This section describes the status of this document at the time of its
+ publication. Other documents may supersede this document. A list of current
+ W3C publications and the latest revision of this technical report can be
+ found in the <a href="http://www.w3.org/TR/">W3C technical reports index</a>
+ at http://www.w3.org/TR/.</em></p>
+
+ <p>This document is published as a snapshot of the
+ <a href="http://xhr.spec.whatwg.org/">XMLHttpRequest Living Specification</a>.</p>
+
+ <p>If you wish to make comments regarding this document in a manner
+ that is tracked by the W3C, please submit them via using <a href="http://www.w3.org/Bugs/Public/enter_bug.cgi?product=WebAppsWG">our public bug database</a>, or please send comments to
+ <a href="mailto:public-webapps@w3.org?subject=%5BXHR%5D%20">public-webapps@w3.org</a>
+ (<a href="http://lists.w3.org/Archives/Public/public-webapps/">archived</a>)
+ with <samp>[XHR]</samp> at the start of the subject line.</p>
+
+ <p>The W3C <a href="http://www.w3.org/2008/webapps/">Web Applications Working
+ Group</a> is the W3C working group responsible for this specification's progress along the W3C Recommendation track. This specification is the 28 January 2014 Working Draft.</p>
+
+ <p>Publication as a Working Draft does not imply endorsement by the W3C
+ Membership. This is a draft document and may be updated, replaced or
+ obsoleted by other documents at any time. It is inappropriate to cite this
+ document as other than work in progress.</p>
+
+ <p>Work on this specification is also done at the <a href="http://www.whatwg.org/">WHATWG</a>. The W3C Web Applications working group actively pursues convergence of XMLHttpRequest specification with the WHATWG.</p>
+
+ <p>This document was produced by a group operating under the
+ <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/">5 February 2004
+ W3C Patent Policy</a>. W3C maintains a
+ <a href="http://www.w3.org/2004/01/pp-impl/42538/status" rel="disclosure">public
+ list of any patent disclosures</a> made in connection with the deliverables of
+ the group; that page also includes instructions for disclosing a patent. An
+ individual who has actual knowledge of a patent which the individual believes
+ contains
+ <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/#def-essential">Essential
+ Claim(s)</a> must disclose the information in accordance with
+ <a href="http://www.w3.org/Consortium/Patent-Policy-20040205/#sec-Disclosure">section
+ 6 of the W3C Patent Policy</a>.</p>
+
+</div>
+
+
+ <h2 class="no-num no-toc" id="toc">Table of Contents</h2>
+
+
+<!--begin-toc-->
+<ol class="toc">
+ <li><a class="no-test" href="#introduction"><span class="secno">1 </span>Introduction</a>
+ <ol class="toc">
+ <li><a class="no-test" href="#specification-history"><span class="secno">1.1 </span>Specification history</a></ol></li>
+ <li><a class="no-test" href="#conformance"><span class="secno">2 </span>Conformance</a>
+ <ol class="toc">
+ <li><a class="no-test" href="#dependencies"><span class="secno">2.1 </span>Dependencies</a></li>
+ <li><a class="no-test" href="#extensibility"><span class="secno">2.2 </span>Extensibility</a></ol></li>
+ <li><a class="no-test" href="#terminology"><span class="secno">3 </span>Terminology</a></li>
+ <li><a href="#interface-xmlhttprequest"><span class="secno">4 </span>Interface <code title="">XMLHttpRequest</code></a>
+ <ol class="toc">
+ <li><a href="#task-sources"><span class="secno">4.1 </span>Task sources</a></li>
+ <li><a href="#constructor"><span class="secno">4.2 </span>Constructor</a></li>
+ <li><a href="#garbage-collection"><span class="secno">4.3 </span>Garbage collection</a></li>
+ <li><a href="#event-handlers"><span class="secno">4.4 </span>Event handlers</a></li>
+ <li><a href="#states"><span class="secno">4.5 </span>States</a></li>
+ <li><a href="#request"><span class="secno">4.6 </span>Request</a>
+ <ol class="toc">
+ <li><a href="#the-open()-method"><span class="secno">4.6.1 </span>The <code title="">open()</code> method</a></li>
+ <li><a href="#the-setrequestheader()-method"><span class="secno">4.6.2 </span>The <code title="">setRequestHeader()</code> method</a></li>
+ <li><a href="#the-timeout-attribute"><span class="secno">4.6.3 </span>The <code title="">timeout</code> attribute</a></li>
+ <li><a href="#the-withcredentials-attribute"><span class="secno">4.6.4 </span>The <code title="">withCredentials</code> attribute</a></li>
+ <li><a href="#the-upload-attribute"><span class="secno">4.6.5 </span>The <code title="">upload</code> attribute</a></li>
+ <li><a href="#the-send()-method"><span class="secno">4.6.6 </span>The <code title="">send()</code> method</a></li>
+ <li><a href="#infrastructure-for-the-send()-method"><span class="secno">4.6.7 </span>Infrastructure for the <code title="">send()</code> method</a></li>
+ <li><a href="#the-abort()-method"><span class="secno">4.6.8 </span>The <code title="">abort()</code> method</a></ol></li>
+ <li><a href="#response"><span class="secno">4.7 </span>Response</a>
+ <ol class="toc">
+ <li><a href="#the-status-attribute"><span class="secno">4.7.1 </span>The <code title="">status</code> attribute</a></li>
+ <li><a href="#the-statustext-attribute"><span class="secno">4.7.2 </span>The <code title="">statusText</code> attribute</a></li>
+ <li><a href="#the-getresponseheader()-method"><span class="secno">4.7.3 </span>The <code title="">getResponseHeader()</code> method</a></li>
+ <li><a href="#the-getallresponseheaders()-method"><span class="secno">4.7.4 </span>The <code title="">getAllResponseHeaders()</code> method</a></li>
+ <li><a href="#response-entity-body-0"><span class="secno">4.7.5 </span>Response entity body</a></li>
+ <li><a href="#the-overridemimetype()-method"><span class="secno">4.7.6 </span>The <code title="">overrideMimeType()</code> method</a></li>
+ <li><a href="#the-responsetype-attribute"><span class="secno">4.7.7 </span>The <code title="">responseType</code> attribute</a></li>
+ <li><a href="#the-response-attribute"><span class="secno">4.7.8 </span>The <code title="">response</code> attribute</a></li>
+ <li><a href="#the-responsetext-attribute"><span class="secno">4.7.9 </span>The <code title="">responseText</code> attribute</a></li>
+ <li><a href="#the-responsexml-attribute"><span class="secno">4.7.10 </span>The <code title="">responseXML</code> attribute</a></ol></li>
+ <li><a href="#events"><span class="secno">4.8 </span>Events summary</a></ol></li>
+ <li><a href="#interface-formdata"><span class="secno">5 </span>Interface <code title="">FormData</code></a></li>
+ <li><a class="no-num" href="#references">References</a></li>
+ <li><a class="no-num" href="#acknowledgments">Acknowledgments</a></ol>
+<!--end-toc-->
+
+
+
+ <h2 class="no-test" id="introduction"><span class="secno">1 </span>Introduction</h2>
+
+ <p><em>This section is non-normative.</em></p>
+
+ <p>The <code><a href="#xmlhttprequest">XMLHttpRequest</a></code> object is an API for
+ <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/infrastructure.html#fetch" title="fetch">fetching</a> resources.
+ <!-- XXX elaborate on options -->
+
+ <p>The name of the object is <code><a href="#xmlhttprequest">XMLHttpRequest</a></code> for compatibility
+ with the Web, though each component of this name is potentially
+ misleading. First, the object supports any text based format, including
+ XML. Second, it can be used to make requests over both HTTP and HTTPS
+ (some implementations support protocols in addition to HTTP and HTTPS, but
+ that functionality is not covered by this specification). Finally, it
+ supports "requests" in a broad sense of the term as it pertains to HTTP;
+ namely all activity involved with HTTP requests or responses for the
+ defined HTTP methods.</p>
+ <!-- XXX need to improve point 2 -->
+
+ <div class="example">
+ <p>Some simple code to do something with data from an XML document
+ fetched over the network:</p>
+
+ <pre><code>function processData(data) {
+ // taking care of data
+}
+
+function handler() {
+ if(this.readyState == this.DONE) {
+ if(this.status == 200 &&
+ this.responseXML != null &&
+ this.responseXML.getElementById('test').textContent) {
+ // success!
+ processData(this.responseXML.getElementById('test').textContent);
+ return;
+ }
+ // something went wrong
+ processData(null);
+ }
+}
+
+var client = new XMLHttpRequest();
+client.onreadystatechange = handler;
+client.open("GET", "unicorn.xml");
+client.send();</code></pre>
+
+ <p>If you just want to log a message to the server:</p>
+
+ <pre><code>function log(message) {
+ var client = new XMLHttpRequest();
+ client.open("POST", "/log");
+ client.setRequestHeader("Content-Type", "text/plain;charset=UTF-8");
+ client.send(message);
+}</code></pre>
+
+ <p>Or if you want to check the status of a document on the server:</p>
+
+ <pre><code>function fetchStatus(address) {
+ var client = new XMLHttpRequest();
+ client.onreadystatechange = function() {
+ // in case of network errors this might not give reliable results
+ if(this.readyState == this.DONE)
+ returnStatus(this.status);
+ }
+ client.open("HEAD", address);
+ client.send();
+}</code></pre>
+ </div>
+
+
+<h3 class="no-test" id="specification-history"><span class="secno">1.1 </span>Specification history</h3>
+
+<p>The <code><a href="#xmlhttprequest">XMLHttpRequest</a></code> object was initially defined as part of
+the WHATWG's HTML effort. (Long after Microsoft shipped an implementation.)
+It moved to the W3C in 2006. Extensions (e.g. progress events and
+cross-origin requests) to <code><a href="#xmlhttprequest">XMLHttpRequest</a></code> were developed in a
+separate draft (XMLHttpRequest Level 2) until end of 2011, at which point
+the two drafts were merged and <code><a href="#xmlhttprequest">XMLHttpRequest</a></code> became a single
+entity again from a standards perspective. Since 2012, the development work
+required for getting the spec finalized has taken place both in the WHATWG and
+in the W3C Web Applications working group.</p>
+
+<p>XMLHttpRequest Level 1, the first stable Recommendation track
+specification for the <code><a href="#xmlhttprequest">XMLHttpRequest</a></code> feature, standardizes all
+parts of <code><a href="#xmlhttprequest">XMLHttpRequest</a></code> that are compatibly supported across
+major implementations. Implementors should be able to rely on this
+specification and the
+<a href="http://w3c-test.org/web-platform-tests/master/XMLHttpRequest/">related test suite</a>
+in order to create interoperable implementations.</p>
+
+<p>Some features included in the
+<a href="http://xhr.spec.whatwg.org/">WHATWG specification</a> are left out
+because they are not yet widely implemented or used. These features are:</p>
+<ul>
+ <li><a class="external" href="http://www.w3.org/html/wg/drafts/html/master/infrastructure.html#fetch" title="fetch">Fetching</a>
+ <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/infrastructure.html#data-protocol" title="data-protocol"><code>data:</code> URLs</a>.</li>
+ <li>The <code>URLSearchParams</code> type in <code>send()</code> method.</li>
+ <li>The additional methods other than <code>append()</code> defined in the interface <code><a href="#formdata">FormData</a></code>.</li>
+</ul>
+
+<p>Historical discussion can be found in the following mailing list
+archives:
+
+<ul>
+ <li><a href="http://lists.whatwg.org/htdig.cgi/whatwg-whatwg.org/">whatwg@whatwg.org</a>
+ <li><a href="http://lists.w3.org/Archives/Public/public-webapi/">public-webapi@w3.org</a>
+ <li><a href="http://lists.w3.org/Archives/Public/public-appformats/">public-appformats@w3.org</a>
+ <li><a href="http://lists.w3.org/Archives/Public/public-webapps/">public-webapps@w3.org</a>
+</ul>
+
+
+
+<h2 class="no-test" id="conformance"><span class="secno">2 </span>Conformance</h2>
+
+<p>All diagrams, examples, and notes in this specification are
+non-normative, as are all sections explicitly marked non-normative.
+Everything else in this specification is normative.
+
+<p>The key words "MUST", "MUST NOT", "REQUIRED", <!--"SHALL", "SHALL
+NOT",--> "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and
+"OPTIONAL" in the normative parts of this specification are to be
+interpreted as described in RFC2119. For readability, these words do
+not appear in all uppercase letters in this specification.
+<a href="#refsRFC2119">[RFC2119]</a>
+
+
+ <h3 class="no-test" id="dependencies"><span class="secno">2.1 </span>Dependencies</h3>
+
+ <p>This specification relies on several underlying specifications.</p>
+
+ <dl>
+ <dt>Cross-Origin Resource Sharing</dt>
+ <dd><p>A <span>conforming user agent</span> must
+ support the algorithms of the Cross-Origin Resource Sharing
+ specification. <a href="#refsCORS">[CORS]</a></dd>
+
+ <dt>DOM4</dt>
+ <dd><p>A <span>conforming user agent</span> must
+ support at least the subset of the functionality defined in DOM4 that
+ this specification relies upon, such as various exceptions and
+ <code class="external"><a href="http://dev.w3.org/2006/webapi/DOM4Core/#eventtarget">EventTarget</a></code>. <a href="#refsDOM">[DOM]</a></dd>
+
+ <dt>DOM Parsing and Serialization
+ <dd><p>A <span>conforming user agent</span> must support at least the
+ <a class="external" href="http://html5.org/specs/dom-parsing.html#concept-serialize" title="concept-serialize">serialize</a>
+ concept from DOM Parsing and Serialization.
+ <a href="#refsDOMPS">[DOMPS]</a>
+
+ <dt>Encoding Standard
+ <dd><p>A <span>conforming user agent</span> must
+ support at least the subset of the functionality defined in Encoding Standard that
+ this specification relies upon, such as the <code class="external" title="utf-8"><a href="http://encoding.spec.whatwg.org/#utf-8">utf-8</a></code> <code class="external" title="encoding"><a href="http://encoding.spec.whatwg.org/#encoding">encoding</a></code>.
+ <a href="#refsENCODING">[ENCODING]</a>
+
+ <dt>File API</dt>
+ <dd><p>A <span>conforming user agent</span> must
+ support at least the subset of the functionality defined in File API that
+ this specification relies upon, such as the <code class="external"><a href="http://dev.w3.org/2006/webapi/FileAPI/#blob">Blob</a></code> and
+ <code class="external"><a href="http://dev.w3.org/2006/webapi/FileAPI/#file">File</a></code> interfaces. <a href="#refsFILEAPI">[FILEAPI]</a></p>
+
+ <dt>HTML</dt>
+ <dd><p>A <span>conforming user agent</span> must
+ support at least the subset of the functionality defined in HTML that
+ this specification relies upon, such as the basics of the
+ <code class="external"><a href="http://www.w3.org/html/wg/drafts/html/master/browsers.html#window">Window</a></code> object and serializing a <code class="external"><a href="http://dev.w3.org/2006/webapi/DOM4Core/#document">Document</a></code>
+ object. <a href="#refsHTML">[HTML]</a>
+
+ <dt>HTTP</dt>
+ <dd><p>A <span>conforming user agent</span> must
+ support some version of the HTTP protocol. Requirements regarding HTTP
+ are made throughout the specification. <a href="#refsHTTP">[HTTP]</a>
+
+ <dt>Progress Events</dt>
+ <dd><p>A <span>conforming user agent</span> must support the
+ Progress Events specification.
+ <a href="#refsPROGRESSEVENTS">[PROGRESSEVENTS]</a>
+
+ <dt>Typed Array</dt>
+ <dd><p>A <span>conforming user agent</span> must support the
+ <code class="external"><a href="http://www.khronos.org/registry/typedarray/specs/latest/#ARRAYBUFFER">ArrayBuffer</a></code> and
+ <code class="external"><a href="http://www.khronos.org/registry/typedarray/specs/latest/#ARRAYBUFFERVIEW">ArrayBufferView</a></code> objects.
+ <a href="#refsTYPEDARRAY">[TYPEDARRAY]</a>
+
+ <dt>URL</dt>
+ <dd><p>A <span>conforming user agent</span> must
+ support the URL parsing algorithm of the URL
+ specification. <a href="#refsURL">[URL]</a></dd>
+
+ <dt>Web IDL</dt>
+ <dd><p>A <span>conforming user agent</span> must also
+ be a conforming implementation of the IDL fragments in this
+ specification, as described in the Web IDL specification.
+ <a href="#refsWEBIDL">[WEBIDL]</a>
+
+ <dt>XML</dt>
+ <dd><p>A <span>conforming user agent</span> must be a
+ conforming XML processor that reports violations of namespace
+ well-formedness. <a href="#refsXML">[XML]</a>
+ <a href="#refsXMLNS">[XMLNS]</a>
+ </dl>
+
+ <p>It uses the typographic conventions from HTML. <a href="#refsHTML">[HTML]</a></p>
+
+ <h3 class="no-test" id="extensibility"><span class="secno">2.2 </span>Extensibility</h3>
+
+ <p>User agents, Working Groups, and other interested parties are
+ <em>strongly encouraged</em> to discuss new features on a relevant public
+ forum, preferably
+ <a href="mailto:public-webapps@w3.org">public-webapps@w3.org</a>. If this
+ is for some reason not possible prefix the extension in some way. E.g. if
+ company Foo wants to add a proprietary method <code>bar()</code> it could
+ be named <code>fooBar()</code> to prevent clashes with a potential
+ non-proprietary method <code>bar()</code>.</p>
+
+
+
+ <h2 class="no-test" id="terminology"><span class="secno">3 </span>Terminology</h2>
+
+
+ <p>The term <dfn id="user-credentials">user credentials</dfn> for the purposes of this
+ specification means cookies, HTTP authentication, and client-side SSL
+ certificates. Specifically it does not refer to proxy authentication or
+ the <code title="http-origin">Origin</code> header.
+ <a href="#refsCOOKIES">[COOKIES]</a> <!-- XXX ref? --></p>
+
+
+ <h2 id="interface-xmlhttprequest"><span class="secno">4 </span>Interface <code title="">XMLHttpRequest</code></h2>
+
+ <pre class="idl">[NoInterfaceObject]
+interface <dfn id="xmlhttprequesteventtarget">XMLHttpRequestEventTarget</dfn> : <a class="external" href="http://dev.w3.org/2006/webapi/DOM4Core/#eventtarget">EventTarget</a> {
+ // <a href="#event-handlers">event handlers</a>
+ attribute <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/webappapis.html#eventhandler">EventHandler</a> <a href="#handler-xhr-onloadstart" title="handler-xhr-onloadstart">onloadstart</a>;
+ attribute <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/webappapis.html#eventhandler">EventHandler</a> <a href="#handler-xhr-onprogress" title="handler-xhr-onprogress">onprogress</a>;
+ attribute <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/webappapis.html#eventhandler">EventHandler</a> <a href="#handler-xhr-onabort" title="handler-xhr-onabort">onabort</a>;
+ attribute <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/webappapis.html#eventhandler">EventHandler</a> <a href="#handler-xhr-onerror" title="handler-xhr-onerror">onerror</a>;
+ attribute <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/webappapis.html#eventhandler">EventHandler</a> <a href="#handler-xhr-onload" title="handler-xhr-onload">onload</a>;
+ attribute <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/webappapis.html#eventhandler">EventHandler</a> <a href="#handler-xhr-ontimeout" title="handler-xhr-ontimeout">ontimeout</a>;
+ attribute <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/webappapis.html#eventhandler">EventHandler</a> <a href="#handler-xhr-onloadend" title="handler-xhr-onloadend">onloadend</a>;
+};
+
+interface <dfn id="xmlhttprequestupload">XMLHttpRequestUpload</dfn> : <a href="#xmlhttprequesteventtarget">XMLHttpRequestEventTarget</a> {
+
+};
+
+enum <dfn id="xmlhttprequestresponsetype">XMLHttpRequestResponseType</dfn> {
+ "",
+ "arraybuffer",
+ "blob",
+ "document",
+ "json",
+ "text"
+};
+
+[<a href="#dom-xmlhttprequest" title="dom-XMLHttpRequest">Constructor</a>]
+interface <dfn id="xmlhttprequest">XMLHttpRequest</dfn> : <a href="#xmlhttprequesteventtarget">XMLHttpRequestEventTarget</a> {
+ // <a href="#event-handlers">event handler</a>
+ attribute <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/webappapis.html#eventhandler">EventHandler</a> <a href="#handler-xhr-onreadystatechange" title="handler-xhr-onreadystatechange">onreadystatechange</a>;
+
+ // <a href="#states">states</a>
+ const unsigned short <a href="#dom-xmlhttprequest-unsent" title="dom-XMLHttpRequest-UNSENT">UNSENT</a> = 0;
+ const unsigned short <a href="#dom-xmlhttprequest-opened" title="dom-XMLHttpRequest-OPENED">OPENED</a> = 1;
+ const unsigned short <a href="#dom-xmlhttprequest-headers_received" title="dom-XMLHttpRequest-HEADERS_RECEIVED">HEADERS_RECEIVED</a> = 2;
+ const unsigned short <a href="#dom-xmlhttprequest-loading" title="dom-XMLHttpRequest-LOADING">LOADING</a> = 3;
+ const unsigned short <a href="#dom-xmlhttprequest-done" title="dom-XMLHttpRequest-DONE">DONE</a> = 4;
+ readonly attribute unsigned short <a href="#dom-xmlhttprequest-readystate" title="dom-XMLHttpRequest-readyState">readyState</a>;
+
+ // <a href="#request">request</a>
+ void <a href="#dom-xmlhttprequest-open" title="dom-XMLHttpRequest-open">open</a>(ByteString <var>method</var>, [EnsureUTF16] DOMString <var title="">url</var>);
+ void <a href="#dom-xmlhttprequest-open" title="dom-XMLHttpRequest-open">open</a>(ByteString <var>method</var>, [EnsureUTF16] DOMString <var title="">url</var>, boolean <var>async</var>, optional [EnsureUTF16] DOMString? <var>username</var> = null, optional [EnsureUTF16] DOMString? <var>password</var> = null);
+ void <a href="#dom-xmlhttprequest-setrequestheader" title="dom-XMLHttpRequest-setRequestHeader">setRequestHeader</a>(ByteString <var>header</var>, ByteString <var>value</var>);
+ attribute unsigned long <a href="#dom-xmlhttprequest-timeout" title="dom-XMLHttpRequest-timeout">timeout</a>;
+ attribute boolean <a href="#dom-xmlhttprequest-withcredentials" title="dom-XMLHttpRequest-withCredentials">withCredentials</a>;
+ readonly attribute <a href="#xmlhttprequestupload">XMLHttpRequestUpload</a> <a href="#dom-xmlhttprequest-upload" title="dom-XMLHttpRequest-upload">upload</a>;
+ void <a href="#dom-xmlhttprequest-send" title="dom-XMLHttpRequest-send">send</a>(optional (<a class="external" href="http://www.khronos.org/registry/typedarray/specs/latest/#ARRAYBUFFERVIEW">ArrayBufferView</a> or <a class="external" href="http://dev.w3.org/2006/webapi/FileAPI/#blob">Blob</a> or <a class="external" href="http://dev.w3.org/2006/webapi/DOM4Core/#document">Document</a> or [EnsureUTF16] DOMString or <a href="#formdata">FormData</a>)? <var>data</var> = null);
+ void <a href="#dom-xmlhttprequest-abort" title="dom-XMLHttpRequest-abort">abort</a>();
+
+ // <a href="#response">response</a>
+ readonly attribute unsigned short <a href="#dom-xmlhttprequest-status" title="dom-XMLHttpRequest-status">status</a>;
+ readonly attribute ByteString <a href="#dom-xmlhttprequest-statustext" title="dom-XMLHttpRequest-statusText">statusText</a>;
+ ByteString? <a href="#dom-xmlhttprequest-getresponseheader" title="dom-XMLHttpRequest-getResponseHeader">getResponseHeader</a>(ByteString <var>header</var>);
+ ByteString <a href="#dom-xmlhttprequest-getallresponseheaders" title="dom-XMLHttpRequest-getAllResponseHeaders">getAllResponseHeaders</a>();
+ void <a href="#dom-xmlhttprequest-overridemimetype" title="dom-XMLHttpRequest-overrideMimeType">overrideMimeType</a>(DOMString <var>mime</var>);
+ attribute <a href="#xmlhttprequestresponsetype">XMLHttpRequestResponseType</a> <a href="#dom-xmlhttprequest-responsetype" title="dom-XMLHttpRequest-responseType">responseType</a>;
+ readonly attribute any <a href="#dom-xmlhttprequest-response" title="dom-XMLHttpRequest-response">response</a>;
+ readonly attribute DOMString <a href="#dom-xmlhttprequest-responsetext" title="dom-XMLHttpRequest-responseText">responseText</a>;
+ readonly attribute <a class="external" href="http://dev.w3.org/2006/webapi/DOM4Core/#document">Document</a>? <a href="#dom-xmlhttprequest-responsexml" title="dom-XMLHttpRequest-responseXML">responseXML</a>;
+};</pre>
+
+<p>Each <code><a href="#xmlhttprequest">XMLHttpRequest</a></code> object has a unique, associated
+<code><a href="#xmlhttprequestupload">XMLHttpRequestUpload</a></code> object.
+
+<p>If the <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/infrastructure.html#javascript-global-environment">JavaScript global environment</a> is a
+<a class="external" href="http://www.w3.org/html/wg/drafts/html/master/webappapis.html#worker-environment">worker environment</a>, implementations must act as if
+<code title="">Document</code> and <code title="">Document?</code> in the above IDL were not
+exposed. I.e. <code title="dom-XMLHttpRequest-send"><a href="#dom-xmlhttprequest-send">send()</a></code> is not overloaded with it
+and <code title="dom-XMLHttpRequest-responseXML"><a href="#dom-xmlhttprequest-responsexml">responseXML</a></code> always returns null (as
+required by its definition, too).
+
+
+<h3 id="task-sources"><span class="secno">4.1 </span>Task sources</h3>
+
+<p>Each <code><a href="#xmlhttprequest">XMLHttpRequest</a></code> object has its own
+<a class="external" href="http://www.w3.org/html/wg/drafts/html/master/webappapis.html#task-source">task source</a>. Namely, the
+<dfn id="xmlhttprequest-task-source"><code>XMLHttpRequest</code> task source</dfn>.
+
+
+ <h3 id="constructor"><span class="secno">4.2 </span>Constructor</h3>
+
+ <p>The <code><a href="#xmlhttprequest">XMLHttpRequest</a></code> object has an associated
+ <dfn id="concept-xmlhttprequest-settings-object" title="concept-XMLHttpRequest-settings-object">settings object</dfn>.
+
+ <dl class="domintro">
+ <dt><code><var title="">client</var> = new <a href="#dom-xmlhttprequest" title="dom-XMLHttpRequest">XMLHttpRequest</a>()</code>
+ <dd>Returns a new <code><a href="#xmlhttprequest">XMLHttpRequest</a></code> object.
+ </dl>
+
+ <p>The
+ <dfn id="dom-xmlhttprequest" title="dom-XMLHttpRequest"><code>XMLHttpRequest()</code></dfn>
+ constructor must run these steps:
+
+ <ol>
+ <li><p>Let <var title="">xhr</var> be a new <code><a href="#xmlhttprequest">XMLHttpRequest</a></code>
+ object.
+
+ <li><p>Set <var title="">xhr</var>'s
+ <a href="#concept-xmlhttprequest-settings-object" title="concept-XMLHttpRequest-settings-object">settings object</a> to the
+ <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/text-level-semantics.html#relevant-settings-object-for-a-global-object" title="relevant settings object for a global object">relevant settings object</a>
+ for the global object of <var title="">xhr</var>'s interface object.
+
+ <li><p>Return <var title="">xhr</var>.
+ </ol>
+
+
+<h3 id="garbage-collection"><span class="secno">4.3 </span>Garbage collection</h3>
+
+<!-- Based on EventSource and WebSocket. Not sure what I am doing. -->
+
+<p>An <code><a href="#xmlhttprequest">XMLHttpRequest</a></code> object must not be garbage collected if
+its state is <a href="#dom-xmlhttprequest-opened" title="dom-XMLHttpRequest-OPENED">OPENED</a> and the
+<a href="#send-flag"><code>send()</code> flag</a> is set, its state is
+<a href="#dom-xmlhttprequest-headers_received" title="dom-XMLHttpRequest-HEADERS_RECEIVED">HEADERS_RECEIVED</a>, or
+its state is <a href="#dom-xmlhttprequest-loading" title="dom-XMLHttpRequest-LOADING">LOADING</a>, and
+one of the following is true:
+
+<ul>
+ <li><p>It has one or more
+ <a class="external" href="http://dev.w3.org/2006/webapi/DOM4Core/#concept-event-listener" title="concept-event-listener">event listeners</a>
+ registered whose <b>type</b> is
+ <code title="event-xhr-readystatechange"><a href="#event-xhr-readystatechange">readystatechange</a></code>,
+ <code title="event-xhr-progress"><a href="#event-xhr-progress">progress</a></code>,
+ <code title="event-xhr-abort"><a href="#event-xhr-abort">abort</a></code>,
+ <code title="event-xhr-error"><a href="#event-xhr-error">error</a></code>,
+ <code title="event-xhr-load"><a href="#event-xhr-load">load</a></code>,
+ <code title="event-xhr-timeout"><a href="#event-xhr-timeout">timeout</a></code>, or
+ <code title="event-xhr-loadend"><a href="#event-xhr-loadend">loadend</a></code>.
+ <li><p>The <a href="#upload-complete-flag">upload complete flag</a> is unset and the associated
+ <code><a href="#xmlhttprequestupload">XMLHttpRequestUpload</a></code> object has one or more
+ <a class="external" href="http://dev.w3.org/2006/webapi/DOM4Core/#concept-event-listener" title="concept-event-listener">event listeners</a>
+ registered whose <b>type</b> is
+ <code title="event-xhr-progress"><a href="#event-xhr-progress">progress</a></code>,
+ <code title="event-xhr-abort"><a href="#event-xhr-abort">abort</a></code>,
+ <code title="event-xhr-error"><a href="#event-xhr-error">error</a></code>,
+ <code title="event-xhr-load"><a href="#event-xhr-load">load</a></code>,
+ <code title="event-xhr-timeout"><a href="#event-xhr-timeout">timeout</a></code>, or
+ <code title="event-xhr-loadend"><a href="#event-xhr-loadend">loadend</a></code>.
+</ul>
+
+<p>If an <code><a href="#xmlhttprequest">XMLHttpRequest</a></code> object is garbage collected while its
+connection is still open, the user agent must <a href="#terminate-the-request">terminate the request</a>.</p>
+
+
+
+ <h3 id="event-handlers"><span class="secno">4.4 </span>Event handlers</h3>
+
+
+ <p>The following are the
+ <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/webappapis.html#event-handlers">event handlers</a> (and their corresponding
+ <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/webappapis.html#event-handler-event-type" title="event handler event type">event handler event types</a>)
+ that must be supported on objects implementing an interface that inherits
+ from <code><a href="#xmlhttprequesteventtarget">XMLHttpRequestEventTarget</a></code> as attributes:</p>
+
+ <table>
+ <thead>
+ <tr>
+ <th><a class="external" href="http://www.w3.org/html/wg/drafts/html/master/webappapis.html#event-handlers" title="event handlers">event handler</a>
+ <th><a class="external" href="http://www.w3.org/html/wg/drafts/html/master/webappapis.html#event-handler-event-type">event handler event type</a>
+ <tbody>
+ <tr>
+ <td><dfn id="handler-xhr-onloadstart" title="handler-xhr-onloadstart"><code>onloadstart</code></dfn>
+ <td><code title="event-xhr-loadstart"><a href="#event-xhr-loadstart">loadstart</a></code>
+ <tr>
+ <td><dfn id="handler-xhr-onprogress" title="handler-xhr-onprogress"><code>onprogress</code></dfn>
+ <td><code title="event-xhr-progress"><a href="#event-xhr-progress">progress</a></code>
+ <tr>
+ <td><dfn id="handler-xhr-onabort" title="handler-xhr-onabort"><code>onabort</code></dfn>
+ <td><code title="event-xhr-abort"><a href="#event-xhr-abort">abort</a></code>
+ <tr>
+ <td><dfn id="handler-xhr-onerror" title="handler-xhr-onerror"><code>onerror</code></dfn>
+ <td><code title="event-xhr-error"><a href="#event-xhr-error">error</a></code>
+ <tr>
+ <td><dfn id="handler-xhr-onload" title="handler-xhr-onload"><code>onload</code></dfn>
+ <td><code title="event-xhr-load"><a href="#event-xhr-load">load</a></code>
+ <tr>
+ <td><dfn id="handler-xhr-ontimeout" title="handler-xhr-ontimeout"><code>ontimeout</code></dfn>
+ <td><code title="event-xhr-timeout"><a href="#event-xhr-timeout">timeout</a></code>
+ <tr>
+ <td><dfn id="handler-xhr-onloadend" title="handler-xhr-onloadend"><code>onloadend</code></dfn>
+ <td><code title="event-xhr-loadend"><a href="#event-xhr-loadend">loadend</a></code>
+ </table>
+
+
+ <p>The following is the
+ <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/webappapis.html#event-handlers" title="event handlers">event handler</a>
+ (and its corresponding
+ <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/webappapis.html#event-handler-event-type">event handler event type</a>) that must be
+ supported as attribute solely by the
+ <code><a href="#xmlhttprequest">XMLHttpRequest</a></code> object:</p>
+
+ <table>
+ <thead>
+ <tr>
+ <th><a class="external" href="http://www.w3.org/html/wg/drafts/html/master/webappapis.html#event-handlers" title="event handlers">event handler</a>
+ <th><a class="external" href="http://www.w3.org/html/wg/drafts/html/master/webappapis.html#event-handler-event-type">event handler event type</a>
+ <tbody>
+ <tr>
+ <td><dfn id="handler-xhr-onreadystatechange" title="handler-xhr-onreadystatechange"><code>onreadystatechange</code></dfn>
+ <td><code title="event-xhr-readystatechange"><a href="#event-xhr-readystatechange">readystatechange</a></code></td>
+ </table>
+
+
+ <h3 id="states"><span class="secno">4.5 </span>States</h3>
+
+ <dl class="domintro">
+ <dt><code><var title="">client</var> . <a href="#dom-xmlhttprequest-readystate" title="dom-XMLHttpRequest-readyState">readyState</a></code>
+ <dd><p>Returns the current state.
+ </dl>
+
+ <p>The <code><a href="#xmlhttprequest">XMLHttpRequest</a></code> object can be in several states. The
+ <dfn id="dom-xmlhttprequest-readystate" title="dom-XMLHttpRequest-readyState"><code>readyState</code></dfn>
+ attribute must return the current state, which must be one of the
+ following values:</p>
+
+ <dl>
+ <dt><dfn id="dom-xmlhttprequest-unsent" title="dom-XMLHttpRequest-UNSENT"><code>UNSENT</code></dfn>
+ (numeric value 0)</dt>
+ <dd><p>The object has been constructed.</dd>
+
+ <dt><dfn id="dom-xmlhttprequest-opened" title="dom-XMLHttpRequest-OPENED"><code>OPENED</code></dfn>
+ (numeric value 1)</dt>
+ <dd><p>The <code title="dom-XMLHttpRequest-open"><a href="#dom-xmlhttprequest-open">open()</a></code> method has been successfully invoked.
+ During this state request headers can be set using
+ <code title="dom-XMLHttpRequest-setRequestHeader"><a href="#dom-xmlhttprequest-setrequestheader">setRequestHeader()</a></code>
+ and the request can be made using the
+ <code title="dom-XMLHttpRequest-send"><a href="#dom-xmlhttprequest-send">send()</a></code> method.</dd>
+
+ <dt><dfn id="dom-xmlhttprequest-headers_received" title="dom-XMLHttpRequest-HEADERS_RECEIVED"><code>HEADERS_RECEIVED</code></dfn>
+ (numeric value 2)</dt>
+ <dd><p>All redirects (if any) have been followed and all HTTP headers of
+ the final response have been received. Several response members of the
+ object are now available.</dd>
+
+ <dt><dfn id="dom-xmlhttprequest-loading" title="dom-XMLHttpRequest-LOADING"><code>LOADING</code></dfn>
+ (numeric value 3)</dt>
+ <dd><p>The <a href="#response-entity-body">response entity body</a> is being received.</dd>
+
+ <dt><dfn id="dom-xmlhttprequest-done" title="dom-XMLHttpRequest-DONE"><code>DONE</code></dfn>
+ (numeric value 4)</dt>
+ <dd><p>The data transfer has been completed or something went wrong
+ during the transfer (e.g. infinite redirects).</dd>
+ </dl>
+
+ <p>The <dfn id="send-flag"><code>send()</code> flag</dfn> indicates
+ that the <code title="dom-XMLHttpRequest-send"><a href="#dom-xmlhttprequest-send">send()</a></code> method has
+ been invoked. It is initially unset and is used during the
+ <a href="#dom-xmlhttprequest-opened" title="dom-XMLHttpRequest-OPENED">OPENED</a> state.
+
+ <p>The <dfn id="error-flag">error flag</dfn> indicates some type of
+ network error or fetch termination. It is initially unset.
+
+<h3 id="request"><span class="secno">4.6 </span>Request</h3>
+
+<p>Each <code><a href="#xmlhttprequest">XMLHttpRequest</a></code> object has the following
+request-associated concepts:
+
+<dfn id="request-method">request method</dfn>,
+<dfn id="request-url">request URL</dfn>,
+<dfn id="author-request-headers">author request headers</dfn>,
+<dfn id="request-entity-body">request entity body</dfn>,
+<dfn id="source-origin">source origin</dfn>,
+<dfn id="referrer-source">referrer source</dfn>,
+<dfn id="synchronous-flag">synchronous flag</dfn>,
+<dfn id="upload-complete-flag">upload complete flag</dfn>, and
+<dfn id="upload-events-flag">upload events flag</dfn>.
+
+<p>The <a href="#author-request-headers">author request headers</a> is a list of HTTP header names
+and corresponding header values. Comparisons against the HTTP header names
+must be done in a case-insensitive manner. Initially it must be empty.
+
+<p>The <a href="#request-entity-body">request entity body</a> must initially be null.
+
+<p>The <a href="#synchronous-flag">synchronous flag</a>,
+<a href="#upload-complete-flag">upload complete flag</a>, and
+<a href="#upload-events-flag">upload events flag</a> must be initially unset.
+
+<hr>
+
+<p>To <dfn id="terminate-the-request">terminate the request</dfn> run these steps:
+
+<ol>
+ <li><p>Set the <a href="#error-flag">error flag</a>.
+
+ <li><p>Cancel any instance of the <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/infrastructure.html#fetch">fetch</a> algorithm
+ opened by this object.
+
+ <li><p>If there are any <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/webappapis.html#concept-task" title="concept-task">tasks</a> from
+ the object's <a href="#xmlhttprequest-task-source"><code>XMLHttpRequest</code> task source</a> in one of the
+ <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/webappapis.html#task-queue" title="task queue">task queues</a>, then remove them.
+</ol>
+
+
+ <h4 id="the-open()-method"><span class="secno">4.6.1 </span>The <code title="">open()</code> method</h4>
+
+ <dl class="domintro">
+ <dt><code><var title="">client</var> . <a href="#dom-xmlhttprequest-open" title="dom-XMLHttpRequest-open">open</a>(<var title="">method</var>, <var title="">url</var> [, <var title="">async</var> = true [, <var title="">username</var> = null [, <var title="">password</var> = null]]])</code>
+
+ <dd>
+ <p>Sets the <a href="#request-method">request method</a>, <a href="#request-url">request URL</a>, and
+ <a href="#synchronous-flag">synchronous flag</a>.</p>
+
+ <p>Throws a JavaScript <code class="external"><a href="http://dev.w3.org/2006/webapi/WebIDL/#dfn-predefined-exception">TypeError</a></code> if
+ either <var title="">method</var> is not a valid HTTP method or
+ <var title="">url</var> cannot be parsed.
+
+ <p>Throws a "<code class="external"><a href="http://dev.w3.org/2006/webapi/DOM4Core/#securityerror">SecurityError</a></code>" exception
+ if <var title="">method</var> is a case-insensitive match for
+ <code>CONNECT</code>, <code>TRACE</code> or <code>TRACK</code>.</p>
+
+ <p>Throws an "<code class="external"><a href="http://dev.w3.org/2006/webapi/DOM4Core/#invalidaccesserror">InvalidAccessError</a></code>"
+ exception if <var title="">async</var> is false, the
+ <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/infrastructure.html#javascript-global-environment">JavaScript global environment</a> is a
+ <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/webappapis.html#document-environment">document environment</a>, and either the
+ <code title="dom-XMLHttpRequest-timeout"><a href="#dom-xmlhttprequest-timeout">timeout</a></code> attribute is not
+ zero, the
+ <code title="dom-XMLHttpRequest-withCredentials"><a href="#dom-xmlhttprequest-withcredentials">withCredentials</a></code>
+ attribute is true, or the
+ <code title="dom-XMLHttpRequest-responseType"><a href="#dom-xmlhttprequest-responsetype">responseType</a></code>
+ attribute is not the empty string.
+ </dl>
+
+<p>The
+<dfn id="dom-xmlhttprequest-open" title="dom-XMLHttpRequest-open"><code>open(<var title="">method</var>, <var title="">url</var>, <var title="">async</var>, <var title="">username</var>, <var title="">password</var>)</code></dfn>
+method must run these steps:
+
+<ol>
+ <li><p>If <a href="#concept-xmlhttprequest-settings-object" title="concept-XMLHttpRequest-settings-object">settings object</a>'s
+ <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/text-level-semantics.html#responsible-document">responsible document</a> is not
+ <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/browsers.html#fully-active">fully active</a>,
+ <a class="external" href="http://dev.w3.org/2006/webapi/DOM4Core/#concept-throw" title="concept-throw">throw</a> an
+ "<code class="external"><a href="http://dev.w3.org/2006/webapi/DOM4Core/#invalidstateerror">InvalidStateError</a></code>" exception.
+
+ <li><p>Set <var title="">base</var> to
+ <a href="#concept-xmlhttprequest-settings-object" title="concept-XMLHttpRequest-settings-object">settings object</a>'s
+ <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/text-level-semantics.html#api-base-url">API base URL</a>.
+
+ <li><p>Set <a href="#source-origin">source origin</a> to
+ <a href="#concept-xmlhttprequest-settings-object" title="concept-XMLHttpRequest-settings-object">settings object</a>'s
+ <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/browsers.html#origin">origin</a>.
+
+ <li><p>Set <a href="#referrer-source">referrer source</a> to the
+ <a href="#concept-xmlhttprequest-settings-object" title="concept-XMLHttpRequest-settings-object">settings object</a>'s
+ <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/text-level-semantics.html#api-referrer-source">API referrer source</a>'s
+ <a class="external" href="http://dev.w3.org/2006/webapi/DOM4Core/#concept-document-url" title="concept-document-url">URL</a> if
+ <a href="#concept-xmlhttprequest-settings-object" title="concept-XMLHttpRequest-settings-object">settings object</a>'s
+ <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/text-level-semantics.html#api-referrer-source">API referrer source</a> is a
+ <a class="external" href="http://dev.w3.org/2006/webapi/DOM4Core/#concept-document" title="concept-document">document</a>, and
+ <a href="#concept-xmlhttprequest-settings-object" title="concept-XMLHttpRequest-settings-object">settings object</a>'s
+ <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/text-level-semantics.html#api-referrer-source">API referrer source</a> otherwise.
+
+ <li><p>If <var>method</var> does not match the <a class="external" href="http://tools.ietf.org/html/rfc2616/#section-5.1.1">Method</a>
+ token production, <a class="external" href="http://dev.w3.org/2006/webapi/DOM4Core/#concept-throw" title="concept-throw">throw</a> a JavaScript <code class="external"><a href="http://dev.w3.org/2006/webapi/WebIDL/#dfn-predefined-exception">TypeError</a></code>.
+
+ <li>
+ <p>If <var>method</var> is a case-insensitive match for <code>CONNECT</code>,
+ <code>DELETE</code>, <code>GET</code>, <code>HEAD</code>, <code>OPTIONS</code>,
+ <code>POST</code>, <code>PUT</code>, <code>TRACE</code>, or <code>TRACK</code>, subtract
+ 0x20 from each byte in the range 0x61 (ASCII a) to 0x7A (ASCII z).
+
+ <p class="note">If it does not match any of the above, it is passed
+ through <em>literally</em>, including in the final request.
+ <!-- WebKit (and supposedly Gecko) also uppercase: COPY, INDEX, LOCK,
+ M-POST, MKCOL, MOVE, PROPFIND, PROPPATCH, and UNLOCK. -->
+
+ <li>
+ <p>If <var>method</var> is a case-sensitive match for <code>CONNECT</code>,
+ <code>TRACE</code>, or <code>TRACK</code>,
+ <a class="external" href="http://dev.w3.org/2006/webapi/DOM4Core/#concept-throw" title="concept-throw">throw</a> a
+ "<code class="external"><a href="http://dev.w3.org/2006/webapi/DOM4Core/#securityerror">SecurityError</a></code>" exception.
+
+ <p class="note">Allowing these methods would pose a security risk.
+ <a href="#refsHTTPVERBSEC">[HTTPVERBSEC]</a>
+
+ <li><p>Let <var title="">parsed URL</var> be the result of
+ <a class="external" href="http://url.spec.whatwg.org/#concept-url-parser" title="concept-url-parser">parsing</a> <var title="">url</var>
+ with <var title="">base</var>.
+
+ <li><p>If <var title="">parsed URL</var> is failure,
+ <a class="external" href="http://dev.w3.org/2006/webapi/DOM4Core/#concept-throw" title="concept-throw">throw</a> a JavaScript <code class="external"><a href="http://dev.w3.org/2006/webapi/WebIDL/#dfn-predefined-exception">TypeError</a></code>.
+
+ <li>
+ <p>If the <var>async</var> argument is omitted, set <var>async</var> to true, and set
+ <var title="">username</var> and <var title="">password</var> to null.
+
+ <p class="note">Due to unfortunate legacy constraints, passing
+ <code title="">undefined</code> for the <var>async</var> argument is treated differently
+ from <var>async</var> being omitted.
+
+ <li>
+ <p>If <var title="">parsed URL</var>'s <a class="external" href="http://url.spec.whatwg.org/#relative-flag">relative flag</a> is
+ set, run these substeps:
+
+ <ol>
+ <li><p>If the <var title="">username</var> argument is not null, set
+ <var title="">parsed URL</var>'s
+ <a class="external" href="http://url.spec.whatwg.org/#concept-url-username" title="concept-url-username">username</a> to
+ <var>username</var>.
+
+ <li><p>If the <var title="">password</var> argument is not null, set
+ <var title="">parsed URL</var>'s
+ <a class="external" href="http://url.spec.whatwg.org/#concept-url-password" title="concept-url-password">password</a> to
+ <var>password</var>.
+ </ol>
+
+ <li><p>If <var>async</var> is false, the
+ <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/infrastructure.html#javascript-global-environment">JavaScript global environment</a> is a
+ <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/webappapis.html#document-environment">document environment</a>, and either the
+ <code title="dom-XMLHttpRequest-timeout"><a href="#dom-xmlhttprequest-timeout">timeout</a></code> attribute value is not zero, the
+ <code title="dom-XMLHttpRequest-withCredentials"><a href="#dom-xmlhttprequest-withcredentials">withCredentials</a></code> attribute value is
+ true, or the <code title="dom-XMLHttpRequest-responseType"><a href="#dom-xmlhttprequest-responsetype">responseType</a></code> attribute
+ value is not the empty string,
+ <a class="external" href="http://dev.w3.org/2006/webapi/DOM4Core/#concept-throw" title="concept-throw">throw</a> an
+ "<code class="external"><a href="http://dev.w3.org/2006/webapi/DOM4Core/#invalidaccesserror">InvalidAccessError</a></code>" exception.
+
+ <li>
+ <p><a href="#terminate-the-request">Terminate the request</a>.
+
+ <p class="note">After all, a request can be ongoing at this point.
+
+ <li>
+ <p>Set variables associated with the object as follows:</p>
+
+ <ul>
+ <li><p>Set <a href="#request-method">request method</a> to <var>method</var>.
+ <li><p>Set <a href="#request-url">request URL</a> to <var title="">parsed URL</var>.
+ <li><p>If <var>async</var> is false, set the <a href="#synchronous-flag">synchronous flag</a>.
+ <li><p>Set <a href="#author-request-headers">author request headers</a> to the empty list.
+ <li><p>Unset the <a href="#send-flag"><code>send()</code> flag</a>.
+ <li><p>Set <a href="#response-entity-body">response entity body</a> to null.
+ <li><p>Set <a href="#arraybuffer-response-entity-body">arraybuffer response entity body</a> to null.
+ <li><p>Set <a href="#blob-response-entity-body">blob response entity body</a> to null.
+ <li><p>Set <a href="#document-response-entity-body">document response entity body</a> to null.
+ <li><p>Set <a href="#json-response-entity-body">JSON response entity body</a> to null.
+ <li><p>Set <a href="#text-response-entity-body">text response entity body</a> to null.
+ </ul>
+
+ <li>
+ <p>If the state is not <a href="#dom-xmlhttprequest-opened" title="dom-XMLHttpRequest-OPENED">OPENED</a>, run these
+ substeps:
+
+ <ol>
+ <li><p>Change the state to <a href="#dom-xmlhttprequest-opened" title="dom-XMLHttpRequest-OPENED">OPENED</a>.
+
+ <li><p><a class="external" href="http://dev.w3.org/2006/webapi/DOM4Core/#concept-event-fire" title="concept-event-fire">Fire an event</a> named <code title="event-xhr-readystatechange"><a href="#event-xhr-readystatechange">readystatechange</a></code>.
+ </ol>
+</ol>
+
+ <h4 id="the-setrequestheader()-method"><span class="secno">4.6.2 </span>The <code title="">setRequestHeader()</code> method</h4>
+
+ <dl class="domintro">
+ <dt><code><var title="">client</var> . <a href="#dom-xmlhttprequest-setrequestheader" title="dom-XMLHttpRequest-setRequestHeader">setRequestHeader</a>(<var title="">header</var>, <var title="">value</var>)</code>
+
+ <dd>
+ <p>Appends an header to the list of
+ <a href="#author-request-headers">author request headers</a>, or if <var>header</var> is already
+ in the list of <a href="#author-request-headers">author request headers</a>, combines its value
+ with <var>value</var>.</p>
+
+ <p>Throws an "<code class="external"><a href="http://dev.w3.org/2006/webapi/DOM4Core/#invalidstateerror">InvalidStateError</a></code>"
+ exception if the state is not
+ <a href="#dom-xmlhttprequest-opened" title="dom-XMLHttpRequest-OPENED">OPENED</a> or if the
+ <a href="#send-flag"><code>send()</code> flag</a> is set.</p>
+
+ <p>Throws a JavaScript <code class="external"><a href="http://dev.w3.org/2006/webapi/WebIDL/#dfn-predefined-exception">TypeError</a></code> if
+ <var title="">header</var> is not a valid HTTP header field name or if
+ <var title="">value</var> is not a valid HTTP header field value.</p>
+ </dd>
+ </dl>
+
+ <p class="note">As indicated in the algorithm below certain headers cannot
+ be set and are left up to the user agent. In addition there are certain
+ other headers the user agent will take control of if they are not set by
+ the author as indicated at the end of the
+ <code title="dom-XMLHttpRequest-send"><a href="#dom-xmlhttprequest-send">send()</a></code> method section.</p>
+
+
+ <p class="note">For non <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/browsers.html#same-origin">same origin</a> requests using the HTTP
+ <code>GET</code> method a preflight request is made when headers other
+ than <code>Accept</code> and <code>Accept-Language</code> are set.</p>
+
+
+ <p>The
+ <dfn id="dom-xmlhttprequest-setrequestheader" title="dom-XMLHttpRequest-setRequestHeader"><code>setRequestHeader(<var title="">header</var>, <var title="">value</var>)</code></dfn>
+ method must run these steps:</p>
+
+ <ol>
+ <li><p>If the state is not
+ <a href="#dom-xmlhttprequest-opened" title="dom-XMLHttpRequest-OPENED">OPENED</a>,
+ <a class="external" href="http://dev.w3.org/2006/webapi/DOM4Core/#concept-throw" title="concept-throw">throw</a> an
+ "<code class="external"><a href="http://dev.w3.org/2006/webapi/DOM4Core/#invalidstateerror">InvalidStateError</a></code>" exception.
+
+ <li><p>If the <a href="#send-flag"><code>send()</code> flag</a> is set,
+ <a class="external" href="http://dev.w3.org/2006/webapi/DOM4Core/#concept-throw" title="concept-throw">throw</a> an
+ "<code class="external"><a href="http://dev.w3.org/2006/webapi/DOM4Core/#invalidstateerror">InvalidStateError</a></code>" exception.
+
+ <li><p>If <var>header</var> does not match the
+ <a class="external" href="http://tools.ietf.org/html/rfc2616/#section-4.2">field-name</a> production,
+ <a class="external" href="http://dev.w3.org/2006/webapi/DOM4Core/#concept-throw" title="concept-throw">throw</a> a JavaScript <code class="external"><a href="http://dev.w3.org/2006/webapi/WebIDL/#dfn-predefined-exception">TypeError</a></code>.
+
+ <li>
+ <p>If <var>value</var> does not match the
+ <a class="external" href="http://tools.ietf.org/html/rfc2616/#section-4.2">field-value</a> production,
+ <a class="external" href="http://dev.w3.org/2006/webapi/DOM4Core/#concept-throw" title="concept-throw">throw</a> a JavaScript <code class="external"><a href="http://dev.w3.org/2006/webapi/WebIDL/#dfn-predefined-exception">TypeError</a></code>.
+
+ <p class="note">An empty string represents an empty header field value.
+
+ <li>
+ <p>Terminate these steps if <var>header</var> is a case-insensitive
+ match for one of the following headers:</p>
+
+ <ul>
+ <li><code>Accept-Charset</code></li>
+ <li><code>Accept-Encoding</code></li>
+ <li><code>Access-Control-Request-Headers</code></li>
+ <li><code>Access-Control-Request-Method</code></li>
+ <li><code>Connection</code></li>
+ <li><code>Content-Length</code></li>
+ <li><code>Cookie</code></li>
+ <li><code>Cookie2</code></li>
+ <li><code>Date</code></li>
+ <li><code>DNT</code></li>
+ <li><code>Expect</code></li>
+ <li><code>Host</code></li>
+ <li><code>Keep-Alive</code></li>
+ <li><code title="">Origin</code></li>
+ <li><code>Referer</code></li>
+ <li><code>TE</code></li>
+ <li><code>Trailer</code></li>
+ <li><code>Transfer-Encoding</code></li>
+ <li><code>Upgrade</code></li>
+ <li><code>User-Agent</code></li>
+ <li><code>Via</code></li>
+ </ul>
+
+ <p>… or if the start of <var>header</var> is a case-insensitive
+ match for <code>Proxy-</code> or <code>Sec-</code> (including when
+ <var>header</var> is just <code>Proxy-</code> or <code>Sec-</code>).</p>
+
+ <p class="note">The above headers are controlled by the user agent to
+ let it control those aspects of transport. This guarantees data
+ integrity to some extent. Header names starting with <code>Sec-</code>
+ are not allowed to be set to allow new headers to be minted that are
+ guaranteed not to come from <code><a href="#xmlhttprequest">XMLHttpRequest</a></code>.</p>
+ </li>
+
+ <li><p>If <var>header</var> is not in the
+ <a href="#author-request-headers">author request headers</a> list, append <var>header</var> with
+ its associated <var>value</var> to the list and terminate these
+ steps.</li>
+
+ <li>
+ <p>If <var title="">header</var> is in the <a href="#author-request-headers">author request headers</a> list, append
+ "<code>,</code>", followed by U+0020, followed by <var title="">value</var>, to the
+ value of the header matching <var title="">header</var>.
+
+ <p class="note">The XMLHttpRequest standard intentionally constraints the
+ use of HTTP here in line with contemporary implementations.
+ </ol>
+
+ <div class="example">
+ <p>Some simple code demonstrating what happens when setting the same
+ header twice:</p>
+
+ <pre><code>// The following script:
+var client = new XMLHttpRequest();
+client.open('GET', 'demo.cgi');
+client.setRequestHeader('X-Test', 'one');
+client.setRequestHeader('X-Test', 'two');
+client.send();
+
+// …results in the following header being sent:
+X-Test: one, two</code></pre>
+ </div>
+
+
+ <h4 id="the-timeout-attribute"><span class="secno">4.6.3 </span>The <code title="">timeout</code> attribute</h4>
+
+ <dl class="domintro">
+ <dt><code><var title="">client</var> . <a href="#dom-xmlhttprequest-timeout" title="dom-XMLHttpRequest-timeout">timeout</a></code>
+ <dd>
+ <p>Can be set to a time in milliseconds. When set to a non-zero value
+ will cause <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/infrastructure.html#fetch" title="fetch">fetching</a> to
+ terminate after the given time has passed. When the time has passed, the request has
+ not yet completed, and the <a href="#synchronous-flag">synchronous flag</a> is unset, a
+ <code title="event-xhr-timeout"><a href="#event-xhr-timeout">timeout</a></code> event will then be
+ <a class="external" href="http://dev.w3.org/2006/webapi/DOM4Core/#concept-event-dispatch" title="concept-event-dispatch">dispatched</a>,
+ or a "<code class="external"><a href="http://dev.w3.org/2006/webapi/DOM4Core/#timeouterror">TimeoutError</a></code>" exception will be
+ <a class="external" href="http://dev.w3.org/2006/webapi/DOM4Core/#concept-throw" title="concept-throw">thrown</a> otherwise
+ (for the <code title="dom-XMLHttpRequest"><a href="#dom-xmlhttprequest">send()</a></code> method).
+ <p>When set: throws an
+ "<code class="external"><a href="http://dev.w3.org/2006/webapi/DOM4Core/#invalidaccesserror">InvalidAccessError</a></code>" exception if
+ the <a href="#synchronous-flag">synchronous flag</a> is set and the
+ <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/infrastructure.html#javascript-global-environment">JavaScript global environment</a> is a
+ <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/webappapis.html#document-environment">document environment</a>.
+ </dd>
+ </dl>
+
+ <p>The
+ <dfn id="dom-xmlhttprequest-timeout" title="dom-XMLHttpRequest-timeout"><code>timeout</code></dfn>
+ attribute must return its value. Initially its value must be zero.</p>
+
+ <p>Setting the <code title="dom-XMLHttpRequest-timeout"><a href="#dom-xmlhttprequest-timeout">timeout</a></code>
+ attribute must run these steps:
+
+ <ol>
+ <li><p>If the
+ <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/infrastructure.html#javascript-global-environment">JavaScript global environment</a> is a
+ <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/webappapis.html#document-environment">document environment</a> and the
+ <a href="#synchronous-flag">synchronous flag</a> is set,
+ <a class="external" href="http://dev.w3.org/2006/webapi/DOM4Core/#concept-throw" title="concept-throw">throw</a> an
+ "<code class="external"><a href="http://dev.w3.org/2006/webapi/DOM4Core/#invalidaccesserror">InvalidAccessError</a></code>" exception.
+
+ <li><p>Set its value to the new value.
+ </ol>
+
+ <p class="note">This implies that the
+ <code title="dom-XMLHttpRequest-timeout"><a href="#dom-xmlhttprequest-timeout">timeout</a></code> attribute can be
+ set while <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/infrastructure.html#fetch" title="fetch">fetching</a> is in
+ progress. If that occurs it will still be measured relative to the start
+ of <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/infrastructure.html#fetch" title="fetch">fetching</a>.
+
+
+ <h4 id="the-withcredentials-attribute"><span class="secno">4.6.4 </span>The <code title="">withCredentials</code> attribute</h4>
+
+ <dl class="domintro">
+ <dt><code><var title="">client</var> . <a href="#dom-xmlhttprequest-withcredentials" title="dom-XMLHttpRequest-withCredentials">withCredentials</a></code>
+ <dd>
+ <p>True when <a href="#user-credentials">user credentials</a> are to be included in a
+ cross-origin request. False when they are to be excluded in a
+ cross-origin request and when cookies are to be ignored in its response.
+ Initially false.
+
+ <p>When set: throws an
+ "<code class="external"><a href="http://dev.w3.org/2006/webapi/DOM4Core/#invalidstateerror">InvalidStateError</a></code>" exception if the
+ state is not <a href="#dom-xmlhttprequest-unsent" title="dom-XMLHttpRequest-UNSENT">UNSENT</a> or
+ <a href="#dom-xmlhttprequest-opened" title="dom-XMLHttpRequest-OPENED">OPENED</a>, or if
+ the <a href="#send-flag"><code>send()</code> flag</a> is set.</p>
+ <p>When set: throws an
+ "<code class="external"><a href="http://dev.w3.org/2006/webapi/DOM4Core/#invalidaccesserror">InvalidAccessError</a></code>" exception if
+ the <a href="#synchronous-flag">synchronous flag</a> is set and the
+ <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/infrastructure.html#javascript-global-environment">JavaScript global environment</a> is a
+ <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/webappapis.html#document-environment">document environment</a>.</p>
+ </dd>
+ </dl>
+
+ <p>The
+ <dfn id="dom-xmlhttprequest-withcredentials" title="dom-XMLHttpRequest-withCredentials"><code>withCredentials</code></dfn>
+ attribute must return its value. Initially its value must be false.
+
+ <p>Setting the
+ <code title="dom-XMLHttpRequest-withCredentials"><a href="#dom-xmlhttprequest-withcredentials">withCredentials</a></code>
+ attribute must run these steps:</p>
+
+ <ol>
+ <li><p>If the state is not
+ <a href="#dom-xmlhttprequest-unsent" title="dom-XMLHttpRequest-UNSENT">UNSENT</a> or
+ <a href="#dom-xmlhttprequest-opened" title="dom-XMLHttpRequest-OPENED">OPENED</a>,
+ <a class="external" href="http://dev.w3.org/2006/webapi/DOM4Core/#concept-throw" title="concept-throw">throw</a> an
+ "<code class="external"><a href="http://dev.w3.org/2006/webapi/DOM4Core/#invalidstateerror">InvalidStateError</a></code>" exception.
+
+ <li><p>If the <a href="#send-flag"><code>send()</code> flag</a> is set,
+ <a class="external" href="http://dev.w3.org/2006/webapi/DOM4Core/#concept-throw" title="concept-throw">throw</a> an
+ "<code class="external"><a href="http://dev.w3.org/2006/webapi/DOM4Core/#invalidstateerror">InvalidStateError</a></code>" exception.
+
+ <li><p>If the
+ <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/infrastructure.html#javascript-global-environment">JavaScript global environment</a> is a
+ <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/webappapis.html#document-environment">document environment</a> and the
+ <a href="#synchronous-flag">synchronous flag</a> is set,
+ <a class="external" href="http://dev.w3.org/2006/webapi/DOM4Core/#concept-throw" title="concept-throw">throw</a> an
+ "<code class="external"><a href="http://dev.w3.org/2006/webapi/DOM4Core/#invalidaccesserror">InvalidAccessError</a></code>" exception.
+
+ <li><p>Set the
+ <code title="dom-XMLHttpRequest-withCredentials"><a href="#dom-xmlhttprequest-withcredentials">withCredentials</a></code>
+ attribute's value to the given value.</li>
+ </ol>
+
+ <p class="note">The
+ <code title="dom-XMLHttpRequest-withCredentials"><a href="#dom-xmlhttprequest-withcredentials">withCredentials</a></code>
+ attribute has no effect when
+ <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/infrastructure.html#fetch" title="fetch">fetching</a>
+ <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/browsers.html#same-origin" title="same origin">same-origin</a>
+ resources.</p>
+
+
+ <h4 id="the-upload-attribute"><span class="secno">4.6.5 </span>The <code title="">upload</code> attribute</h4>
+
+ <dl class="domintro">
+ <dt><code><var title="">client</var> . <a href="#dom-xmlhttprequest-upload" title="dom-XMLHttpRequest-upload">upload</a></code>
+ <dd><p>Returns the associated <code><a href="#xmlhttprequestupload">XMLHttpRequestUpload</a></code>
+ object. It can be used to gather transmission information when data is
+ transferred to a server.
+ </dl>
+
+ <p>The
+ <dfn id="dom-xmlhttprequest-upload" title="dom-XMLHttpRequest-upload"><code>upload</code></dfn>
+ attribute must return the associated
+ <code><a href="#xmlhttprequestupload">XMLHttpRequestUpload</a></code> object.</p>
+
+ <p class="note">As indicated earlier, each <code><a href="#xmlhttprequest">XMLHttpRequest</a></code>
+ object has an associated <code><a href="#xmlhttprequestupload">XMLHttpRequestUpload</a></code> object.
+
+
+ <h4 id="the-send()-method"><span class="secno">4.6.6 </span>The <code title="">send()</code> method</h4>
+
+ <dl class="domintro">
+ <dt><code><var title="">client</var> . <a href="#dom-xmlhttprequest-send" title="dom-XMLHttpRequest-send">send</a>([<var title="">data</var> = null])</code>
+ <dd>
+ <p>Initiates the request. The optional argument provides the
+ <a href="#request-entity-body">request entity body</a>. The argument is ignored if
+ <a href="#request-method">request method</a> is <code>GET</code> or
+ <code>HEAD</code>.</p>
+
+ <p>Throws an "<code class="external"><a href="http://dev.w3.org/2006/webapi/DOM4Core/#invalidstateerror">InvalidStateError</a></code>"
+ exception if the state is not
+ <a href="#dom-xmlhttprequest-opened" title="dom-XMLHttpRequest-OPENED">OPENED</a> or if the
+ <a href="#send-flag"><code>send()</code> flag</a> is set.</p>
+ </dd>
+ </dl>
+
+<p>The <dfn id="dom-xmlhttprequest-send" title="dom-XMLHttpRequest-send"><code>send(<var>data</var>)</code></dfn>
+method must run these steps:
+
+ <ol>
+ <li><p>If the state is not
+ <a href="#dom-xmlhttprequest-opened" title="dom-XMLHttpRequest-OPENED">OPENED</a>,
+ <a class="external" href="http://dev.w3.org/2006/webapi/DOM4Core/#concept-throw" title="concept-throw">throw</a> an
+ "<code class="external"><a href="http://dev.w3.org/2006/webapi/DOM4Core/#invalidstateerror">InvalidStateError</a></code>" exception.
+
+ <li><p>If the <a href="#send-flag"><code>send()</code> flag</a> is set,
+ <a class="external" href="http://dev.w3.org/2006/webapi/DOM4Core/#concept-throw" title="concept-throw">throw</a> an
+ "<code class="external"><a href="http://dev.w3.org/2006/webapi/DOM4Core/#invalidstateerror">InvalidStateError</a></code>" exception.
+
+ <li><p>If the <a href="#request-method">request method</a> is <code>GET</code> or
+ <code>HEAD</code>, set <var title="">data</var> to null.
+
+ <li>
+ <p>If <var title="">data</var> is null, do not include a
+ <a href="#request-entity-body">request entity body</a> and go to the next step.
+
+ <p>Otherwise, let <var>encoding</var> be null, <var>mime type</var> be
+ null, and then follow these rules, depending on <var title="">data</var>:
+
+ <dl class="switch">
+
+ <dt id="dom-XMLHttpRequest-send-ArrayBufferView"><code class="external"><a href="http://www.khronos.org/registry/typedarray/specs/latest/#ARRAYBUFFERVIEW">ArrayBufferView</a></code>
+ <dd><p>Let the <a href="#request-entity-body">request entity body</a> be the raw data
+ represented by <var title="">data</var>.</dd>
+
+ <dt id="dom-XMLHttpRequest-send-Blob"><code class="external"><a href="http://dev.w3.org/2006/webapi/FileAPI/#blob">Blob</a></code>
+ <dd>
+ <p>If the object's
+ <code class="external" title="dom-Blob-type"><a href="http://dev.w3.org/2006/webapi/FileAPI/#dfn-type">type</a></code>
+ attribute is not the empty string let <var>mime type</var> be its
+ value.</p>
+
+ <p>Let the <a href="#request-entity-body">request entity body</a> be the raw data
+ represented by <var>data</var>.</p>
+ </dd>
+
+
+ <dt id="dom-XMLHttpRequest-send-document"><a class="external" href="http://dev.w3.org/2006/webapi/DOM4Core/#concept-document" title="concept-document">document</a>
+ <dd>
+ <p>Let <var>encoding</var> be "<code title="">UTF-8</code>".
+
+ <p>If <var title="">data</var> is an <a class="external" href="http://dev.w3.org/2006/webapi/DOM4Core/#html-document">HTML document</a>, let
+ <var>mime type</var> be "<code>text/html</code>", or let <var>mime type</var> be
+ "<code>application/xml</code>" otherwise. Then append "<code>;charset=UTF-8</code>" to
+ <var>mime type</var>.
+
+ <p>Let the <a href="#request-entity-body">request entity body</a> be <var title="">data</var>,
+ <a class="external" href="http://html5.org/specs/dom-parsing.html#concept-serialize" title="concept-serialize">serialized</a>,
+ <a class="external" href="http://dev.w3.org/2006/webapi/WebIDL/#dfn-obtain-unicode" title="convert a DOMString to a sequence of Unicode characters">converted to Unicode</a>,
+ and <a class="external" href="http://encoding.spec.whatwg.org/#utf-8-encode" title="utf-8 encode">utf-8 encoded</a>.
+ Re-throw any exception
+ <a class="external" href="http://html5.org/specs/dom-parsing.html#concept-serialize" title="concept-serialize">serializing</a> throws.
+
+ <p class="note">If <var title="">data</var> cannot be
+ <a class="external" href="http://html5.org/specs/dom-parsing.html#concept-serialize" title="concept-serialize">serialized</a>, an
+ "<code class="external"><a href="http://dev.w3.org/2006/webapi/DOM4Core/#invalidstateerror">InvalidStateError</a></code>" exception is thrown.
+
+ <dt id="dom-XMLHttpRequest-send-a-string">a string
+ <dd>
+ <p>Let <var>encoding</var> be "<code title="">UTF-8</code>".
+
+ <p>Let <var>mime type</var> be "<code>text/plain;charset=UTF-8</code>".</p>
+
+ <p>Let the <a href="#request-entity-body">request entity body</a> be <var title="">data</var>,
+ <a class="external" href="http://encoding.spec.whatwg.org/#utf-8-encode" title="utf-8 encode">utf-8 encoded</a>.
+
+ <dt id="dom-XMLHttpRequest-send-FormData"><code><a href="#formdata">FormData</a></code>
+ <dd>
+ <p>Let the <a href="#request-entity-body">request entity body</a> be the result of running
+ the
+ <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/forms.html#multipart/form-data-encoding-algorithm"><code>multipart/form-data</code> encoding algorithm</a>
+ with <var>data</var> as <var>form data set</var> and with
+ <a class="external" href="http://encoding.spec.whatwg.org/#utf-8">utf-8</a> as the
+ explicit character encoding.
+ <!-- need to provide explicit character encoding because otherwise the
+ encoding of the document is used -->
+
+ <p>Let <var>mime type</var> be the concatenation of
+ "<code title="">multipart/form-data;</code>",
+ a U+0020 SPACE character,
+ "<code title="">boundary=</code>", and the
+ <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/forms.html#multipart/form-data-boundary-string"><code>multipart/form-data</code> boundary string</a>
+ generated by the
+ <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/forms.html#multipart/form-data-encoding-algorithm"><code>multipart/form-data</code> encoding algorithm</a>.
+ </dd>
+
+ </dl>
+
+ <p>If a <code>Content-Type</code> header is in
+ <a href="#author-request-headers">author request headers</a> and its value is a
+ <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/infrastructure.html#valid-mime-type">valid MIME type</a> that has a
+ <code>charset</code> parameter whose value is not a case-insensitive
+ match for <var title="">encoding</var>, and <var title="">encoding</var>
+ is not null, set all the <code>charset</code> parameters of that
+ <code>Content-Type</code> header to <var title="">encoding</var>.
+
+ <p>If no <code>Content-Type</code> header is in
+ <a href="#author-request-headers">author request headers</a> and <var title="">mime type</var> is
+ not null, append a <code>Content-Type</code> header with value
+ <var title="">mime type</var> to <a href="#author-request-headers">author request headers</a>.
+
+ <!-- reminder: if we ever change this to always include charset it has
+ to be included as the first parameter for compatibility reasons -->
+ </li>
+
+ <li><p>If the <a href="#synchronous-flag">synchronous flag</a> is set, release the
+ <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/webappapis.html#storage-mutex">storage mutex</a>.</li>
+
+ <li><p>Unset the <a href="#error-flag">error flag</a>,
+ <a href="#upload-complete-flag">upload complete flag</a> and <a href="#upload-events-flag">upload events flag</a>.
+
+ <li><p>If there is no <a href="#request-entity-body">request entity body</a> or if it is empty,
+ set the <a href="#upload-complete-flag">upload complete flag</a>.
+
+ <li><p>If the <a href="#synchronous-flag">synchronous flag</a> is unset and one or more
+ event listeners are registered on the <code><a href="#xmlhttprequestupload">XMLHttpRequestUpload</a></code>
+ object, set the <a href="#upload-events-flag">upload events flag</a>.
+
+ <li>
+ <p>If the <a href="#synchronous-flag">synchronous flag</a> is unset, run these substeps:</p>
+
+ <ol>
+ <li><p>Set the <a href="#send-flag"><code>send()</code> flag</a>.
+
+ <li><p><a class="external" href="http://dev.w3.org/2006/webapi/progress/#concept-event-fire-progress" title="concept-event-fire-progress">Fire a progress event</a> named <code title="event-xhr-loadstart"><a href="#event-xhr-loadstart">loadstart</a></code>.</li>
+
+ <li><p>If the <a href="#upload-complete-flag">upload complete flag</a> is unset,
+ <a class="external" href="http://dev.w3.org/2006/webapi/progress/#concept-event-fire-progress" title="concept-event-fire-progress">fire a progress event</a> named <code title="event-xhr-loadstart"><a href="#event-xhr-loadstart">loadstart</a></code>
+ on the <code><a href="#xmlhttprequestupload">XMLHttpRequestUpload</a></code> object.</li>
+
+ <li><p>Return the <code title="dom-XMLHttpRequest-send"><a href="#dom-xmlhttprequest-send">send()</a></code>
+ method call, but continue running the steps in this algorithm.</li>
+ </ol>
+ </li>
+
+ <li>
+ <dl class="switch">
+ <dt>If the <a href="#source-origin">source origin</a> and the <a href="#request-url">request URL</a>
+ are <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/browsers.html#same-origin">same origin</a></dt>
+
+ <dd>
+ <p>These are the <dfn id="same-origin-request-steps">same-origin request steps</dfn>.</p>
+
+ <p><a class="external" href="http://www.w3.org/html/wg/drafts/html/master/infrastructure.html#fetch">Fetch</a> the
+ <a href="#request-url">request URL</a> from <i title="">origin</i>
+ <a href="#source-origin">source origin</a>, using
+ <a href="#referrer-source">referrer source</a> as
+ <i title="">override referrer source</i>, with the
+ <i title="">synchronous flag</i> set if the
+ <a href="#synchronous-flag">synchronous flag</a> is set, using HTTP method
+ <a href="#request-method">request method</a>, taking into account the
+ <a href="#request-entity-body">request entity body</a>, list of
+ <a href="#author-request-headers">author request headers</a>, and the rules listed at the end of
+ this section.</p>
+
+ <dl class="switch">
+ <dt>If the <a href="#synchronous-flag">synchronous flag</a> is set</dt>
+ <dd>
+ <p>While making the request also follow the
+ <a href="#same-origin-request-event-rules">same-origin request event rules</a>.</p>
+
+ <!--
+ This cannot involve any task queue whatsoever because that would
+ mean other tasks on the task queue might get processed as well
+ which is counter to the whole idea of doing things synchronous.
+ -->
+
+ <p class="note">The
+ <code title="dom-XMLHttpRequest-send"><a href="#dom-xmlhttprequest-send">send()</a></code> method call will
+ now be returned by virtue of this algorithm ending.</p>
+ </dd>
+
+ <dt>If the <a href="#synchronous-flag">synchronous flag</a> is unset</dt>
+ <dd>
+
+ <p><a href="#make-upload-progress-notifications">Make upload progress notifications</a>.</p>
+
+ <p><a href="#make-progress-notifications">Make progress notifications</a>.</p>
+
+
+ <p>While processing the request, as data becomes available and when
+ the user interferes with the request,
+ <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/webappapis.html#queue-a-task" title="queue a task">queue tasks</a>
+ to update the <a href="#response-entity-body">response entity body</a> and follow the
+ <a href="#same-origin-request-event-rules">same-origin request event rules</a>.</p>
+ </dd>
+ </dl>
+ </dd>
+
+ <dt>Otherwise</dt>
+ <dd>
+ <p>These are the <dfn id="cross-origin-request-steps">cross-origin request steps</dfn>.</p>
+
+
+
+
+ <p>Make a <a class="external" href="http://www.w3.org/TR/cors/#cross-origin-request">cross-origin request</a>,
+ passing these as parameters:</p>
+
+ <dl>
+ <dt>request URL</dt>
+ <dd>The <a href="#request-url">request URL</a>.</dd>
+
+ <dt>request method</dt>
+ <dd>The <a href="#request-method">request method</a>.</dd>
+
+ <dt>author request headers</dt>
+ <dd>The list of <a href="#author-request-headers">author request headers</a>.</dd>
+
+ <dt>request entity body</dt>
+ <dd>The <a href="#request-entity-body">request entity body</a>.</dd>
+
+ <dt>source origin</dt>
+ <dd>The <a href="#source-origin">source origin</a>.</dd>
+
+ <dt>referrer source
+ <dd>The
+ <a href="#referrer-source">referrer source</a>.
+
+ <dt>omit credentials flag</dt>
+ <dd>Set if
+ <code title="dom-XMLHttpRequest-withCredentials"><a href="#dom-xmlhttprequest-withcredentials">withCredentials</a></code>
+ attribute's value is false.
+
+ <dt>force preflight flag</dt>
+ <dd>Set if the <a href="#upload-events-flag">upload events flag</a> is set.
+ </dl>
+
+ <dl class="switch">
+ <dt>If the <a href="#synchronous-flag">synchronous flag</a> is set</dt>
+ <dd>
+ <p>While making the request also follow the
+ <a href="#cross-origin-request-event-rules">cross-origin request event rules</a>.</p>
+
+ <!--
+ This cannot involve any task queue whatsoever because that would
+ mean other tasks on the task queue might get processed as well
+ which is counter to the whole idea of doing things synchronous.
+ -->
+
+ <p class="note">The
+ <code title="dom-XMLHttpRequest-send"><a href="#dom-xmlhttprequest-send">send()</a></code> method call will
+ now be returned by virtue of this algorithm ending.</p>
+ </dd>
+
+ <dt>If the <a href="#synchronous-flag">synchronous flag</a> is unset</dt>
+ <dd>
+ <p>While processing the request, as data becomes available and when
+ the end user interferes with the request,
+ <span title="queue a task">queue tasks</span> to update the
+ <a href="#response-entity-body">response entity body</a> and follow the
+ <a href="#cross-origin-request-event-rules">cross-origin request event rules</a>.</p>
+ </dd>
+ </dl>
+
+ </dd>
+ </dl>
+ </li>
+ </ol>
+
+ <hr>
+
+ <p>If the user agent allows the end user to configure a proxy it
+ should modify the request appropriately; i.e., connect
+ to the proxy host instead of the origin server, modify the
+ <code>Request-Line</code> and send <code>Proxy-Authorization</code>
+ headers as specified.</p>
+
+ <hr>
+
+ <p>If the user agent supports HTTP Authentication and
+ <code title="http-authorization">Authorization</code> is not in the list
+ of <a href="#author-request-headers">author request headers</a>, it should
+ consider requests originating from the <code><a href="#xmlhttprequest">XMLHttpRequest</a></code> object
+ to be part of the protection space that includes the accessed URIs and
+ send <code title="http-authorization">Authorization</code> headers and
+ handle <code>401 Unauthorized</code> requests appropriately.</p>
+
+ <p>If authentication fails,
+ <a href="#source-origin">source origin</a> and the
+ <a href="#request-url">request URL</a> are <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/browsers.html#same-origin">same origin</a>,
+ <code title="http-authorization">Authorization</code> is not in the list
+ of <a href="#author-request-headers">author request headers</a>,
+ <a href="#request-url">request URL</a>'s
+ <a class="external" href="http://url.spec.whatwg.org/#concept-url-username" title="concept-url-username">username</a> is
+ the empty string and <a href="#request-url">request URL</a>'s
+ <a class="external" href="http://url.spec.whatwg.org/#concept-url-password" title="concept-url-password">password</a> is
+ null, user agents should prompt the end user for their username and
+ password.</p>
+
+ <p>Otherwise, if authentication fails, user agents
+ must not prompt the end user for their username and
+ password. <a href="#refsHTTPAUTH">[HTTPAUTH]</a>
+
+ <p class="note">Unfortunately end users are prompted because of legacy
+ content constraints. However, when possible this behavior is prohibited,
+ as it is bad UI. E.g. that is why the
+ <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/browsers.html#same-origin">same origin</a> restriction is made above.
+
+ <hr>
+
+ <p>If the user agent supports HTTP State Management it
+ should persist, discard and send cookies (as received
+ in the <code>Set-Cookie</code> response header, and sent in the
+ <code>Cookie</code> header) as applicable.
+ <a href="#refsCOOKIES">[COOKIES]</a>
+
+ <hr>
+
+ <p>If the user agent implements a HTTP cache it should
+ respect <code>Cache-Control</code> headers in
+ <a href="#author-request-headers">author request headers</a>
+ (e.g. <code>Cache-Control: no-cache</code> bypasses the cache). It
+ must not send <code>Cache-Control</code> or
+ <code>Pragma</code> request headers automatically unless the end user
+ explicitly requests such behavior (e.g. by reloading the page).</p>
+
+ <p>For <code>304 Not Modified</code> responses that are a result of a
+ user agent generated conditional request the user agent
+ must act as if the server gave a <code>200 OK</code>
+ response with the appropriate content. The user agent
+ must allow <a href="#author-request-headers">author request headers</a> to override automatic cache
+ validation (e.g. <code>If-None-Match</code> or
+ <code>If-Modified-Since</code>), in which case
+ <code>304 Not Modified</code> responses must be passed through.
+ <a href="#refsHTTP">[HTTP]</a>
+
+ <hr>
+
+ <p>If the user agent implements server-driven content-negotiation
+ it must follow these constraints for the
+ <code>Accept</code> and <code>Accept-Language</code> request headers:</p>
+
+ <ul>
+ <li><p>Both headers must not be modified if they are in
+ <a href="#author-request-headers">author request headers</a>.
+
+ <li><p>If not in <a href="#author-request-headers">author request headers</a>,
+ <code>Accept-Language</code> with an appropriate value should be appended
+ to it.
+
+ <li><p>If not in <a href="#author-request-headers">author request headers</a>, <code>Accept</code>
+ with value <code>*/*</code> must be appended to it.
+ </ul>
+
+ <p>Responses must have the content-encodings
+ automatically decoded. <a href="#refsHTTP">[HTTP]</a>
+
+ <hr>
+
+ <p>Besides the <a href="#author-request-headers">author request headers</a>, user agents
+ should not include additional request headers other than those mentioned
+ above or other than those authors are not allowed to set using
+ <code title="dom-XMLHttpRequest-setRequestHeader"><a href="#dom-xmlhttprequest-setrequestheader">setRequestHeader()</a></code>.
+ This ensures that authors have a predictable API.</p>
+
+
+ <h4 id="infrastructure-for-the-send()-method"><span class="secno">4.6.7 </span>Infrastructure for the <code title="">send()</code> method</h4>
+
+ <p>The <dfn id="same-origin-request-event-rules">same-origin request event rules</dfn> are as follows:</p>
+
+ <dl class="switch">
+ <dt>If the <a href="#error-flag">error flag</a> is set
+ <dd><p>Terminate these steps.
+
+ <dt>If the response has an HTTP status code of 301, 302, 303, 307, or 308</dt>
+ <dd>
+ <p>If the redirect violates infinite loop precautions this is a
+ <a href="#network-error">network error</a>.</p>
+
+ <p>Otherwise, run these steps:</p>
+
+ <ol>
+ <li><p>Set the <a href="#request-url">request URL</a> to the
+ <a class="external" href="http://url.spec.whatwg.org/#url">URL</a> conveyed by the
+ <code>Location</code> header.</li>
+
+ <li><p>If the <a href="#source-origin">source origin</a> and the
+ <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/browsers.html#origin">origin</a> of <a href="#request-url">request URL</a>
+ are <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/browsers.html#same-origin">same origin</a> transparently follow
+ the redirect while observing the
+ <a href="#same-origin-request-event-rules">same-origin request event rules</a>.
+
+ <li><p>Otherwise, follow the <a href="#cross-origin-request-steps">cross-origin request steps</a>
+ and terminate the steps for this algorithm.</li>
+ </ol>
+
+ <p class="note">HTTP places requirements on the user agent regarding the
+ preservation of the <a href="#request-method">request method</a> and
+ <a href="#request-entity-body">request entity body</a> during redirects, and also requires end
+ users to be notified of certain kinds of automatic redirections.</p>
+ <!-- XXX HTTP needs fixing here -->
+ </dd>
+
+ <dt>If the end user cancels the request</dt>
+ <dd><p>This is an <a href="#abort-error">abort error</a>.</dd>
+
+ <dt>If there is a network error</dt>
+ <dd>
+ <p>In case of DNS errors, TLS negotiation failure, or other type of
+ network errors, this is a <a href="#network-error">network error</a>. Do not request any
+ kind of end user interaction.</p>
+
+ <p class="note">This does not include HTTP responses that indicate
+ some type of error, such as HTTP status code 410.</p>
+ </dd>
+
+
+ <dt>If <code title="dom-XMLHttpRequest-timeout"><a href="#dom-xmlhttprequest-timeout">timeout</a></code> is not 0
+ and since the request started the amount of milliseconds specified by
+ <code title="dom-XMLHttpRequest-timeout"><a href="#dom-xmlhttprequest-timeout">timeout</a></code> has passed</dt>
+ <dd><p>This is a <a href="#timeout-error">timeout error</a>.</dd>
+
+
+ <dt>Once all HTTP headers have been received, the
+ <a href="#synchronous-flag">synchronous flag</a> is unset, and the HTTP status code of the
+ response is not one of 301, 302, 303, 307, and 308</dt>
+ <dd><p><a href="#switch-headers-received">Switch to the HEADERS_RECEIVED state</a>.</dd>
+
+ <dt>Once the first byte (or more) of the
+ <a href="#response-entity-body">response entity body</a> has been received and the
+ <a href="#synchronous-flag">synchronous flag</a> is unset</dt>
+ <dt>If there is no <a href="#response-entity-body">response entity body</a> and the
+ <a href="#synchronous-flag">synchronous flag</a> is unset</dt>
+ <dd><p><a href="#switch-loading">Switch to the LOADING state</a>.</dd>
+
+ <dt>Once the whole <a href="#response-entity-body">response entity body</a> has been
+ received</dt>
+ <dt>If there is no <a href="#response-entity-body">response entity body</a> and the state is
+ <a href="#dom-xmlhttprequest-loading" title="dom-XMLHttpRequest-LOADING">LOADING</a></dt>
+ <dt>If there is no <a href="#response-entity-body">response entity body</a> and the
+ <a href="#synchronous-flag">synchronous flag</a> is set</dt>
+ <dd><p><a href="#switch-done">Switch to the DONE state</a>.</dd>
+ </dl>
+
+
+ <hr>
+
+ <p>The <dfn id="cross-origin-request-event-rules">cross-origin request event rules</dfn> are as follows:</p>
+
+ <dl class="switch">
+ <dt>If the <a href="#error-flag">error flag</a> is set
+ <dd><p>Terminate these steps.
+
+ <dt>If the <a class="external" href="http://www.w3.org/TR/cors/#cross-origin-request-status">cross-origin request status</a>
+ is <i>preflight complete</i> and the <a href="#synchronous-flag">synchronous flag</a> is
+ unset</dt>
+ <dd><p><a href="#make-upload-progress-notifications">Make upload progress notifications</a>.</dd>
+
+ <dt>If the <a class="external" href="http://www.w3.org/TR/cors/#cross-origin-request-status">cross-origin request status</a>
+ is <i title="">network error</i></dt>
+ <dd><p>This is a <a href="#network-error">network error</a>.</dd>
+
+ <dt>If the <a class="external" href="http://www.w3.org/TR/cors/#cross-origin-request-status">cross-origin request status</a>
+ is <i title="">abort error</i></dt>
+ <dd><p>This is an <a href="#abort-error">abort error</a>.</dd>
+
+ <dt>If <code title="dom-XMLHttpRequest-timeout"><a href="#dom-xmlhttprequest-timeout">timeout</a></code> is not 0
+ and since the request started the amount of milliseconds specified by
+ <code title="dom-XMLHttpRequest-timeout"><a href="#dom-xmlhttprequest-timeout">timeout</a></code> has passed</dt>
+ <dd><p>This is a <a href="#timeout-error">timeout error</a>.</dd>
+
+ <dt>Once all HTTP headers have been received, the
+ <a class="external" href="http://www.w3.org/TR/cors/#cross-origin-request-status">cross-origin request status</a> is
+ <i>success</i>, and the <a href="#synchronous-flag">synchronous flag</a> is unset</dt>
+ <dd>
+ <p><a href="#switch-headers-received">Switch to the HEADERS_RECEIVED state</a>.</p>
+
+ <p><a href="#make-progress-notifications">Make progress notifications</a>.</p>
+ </dd>
+
+ <dt>Once the first byte (or more) of the
+ <a href="#response-entity-body">response entity body</a> has been received, the
+ <a class="external" href="http://www.w3.org/TR/cors/#cross-origin-request-status">cross-origin request status</a> is
+ <i>success</i>, and the <a href="#synchronous-flag">synchronous flag</a> is unset</dt>
+ <dt>If there is no <a href="#response-entity-body">response entity body</a>, the
+ <a class="external" href="http://www.w3.org/TR/cors/#cross-origin-request-status">cross-origin request status</a> is
+ <i>success</i>, and the <a href="#synchronous-flag">synchronous flag</a> is unset</dt>
+ <dd><p><a href="#switch-loading">Switch to the LOADING state</a>.</dd>
+
+ <dt>Once the whole <a href="#response-entity-body">response entity body</a> has been received
+ and the <a class="external" href="http://www.w3.org/TR/cors/#cross-origin-request-status">cross-origin request status</a> is
+ <i>success</i></dt>
+ <dt>If there is no <a href="#response-entity-body">response entity body</a>, the
+ <a class="external" href="http://www.w3.org/TR/cors/#cross-origin-request-status">cross-origin request status</a> is
+ <i>success</i>, and the state is
+ <a href="#dom-xmlhttprequest-loading" title="dom-XMLHttpRequest-LOADING">LOADING</a></dt>
+ <dt>If there is no <a href="#response-entity-body">response entity body</a>, the
+ <a class="external" href="http://www.w3.org/TR/cors/#cross-origin-request-status">cross-origin request status</a> is
+ <i>success</i>, and the <a href="#synchronous-flag">synchronous flag</a> is set</dt>
+ <dd><p><a href="#switch-done">Switch to the DONE state</a>.</dd>
+ </dl>
+
+
+ <hr>
+
+ <p>When something is said to be a <dfn id="network-error">network error</dfn> run the
+ <a href="#request-error">request error</a> steps for exception
+ "<code class="external"><a href="http://dev.w3.org/2006/webapi/DOM4Core/#networkerror">NetworkError</a></code>" and
+ event <code title="event-xhr-error"><a href="#event-xhr-error">error</a></code>.</p>
+
+ <p>When something is said to be an <dfn id="abort-error">abort error</dfn> run the
+ <a href="#request-error">request error</a> steps for exception
+ "<code class="external"><a href="http://dev.w3.org/2006/webapi/DOM4Core/#aborterror">AbortError</a></code>" and event
+ <code title="event-xhr-abort"><a href="#event-xhr-abort">abort</a></code>.</p>
+
+
+ <p>When something is said to be a <dfn id="timeout-error">timeout error</dfn> run the
+ <a href="#request-error">request error</a> steps for exception
+ "<code class="external"><a href="http://dev.w3.org/2006/webapi/DOM4Core/#timeouterror">TimeoutError</a></code>" and event
+ <code title="event-xhr-timeout"><a href="#event-xhr-timeout">timeout</a></code>.</p>
+
+
+ <p>When something is said to be a <dfn id="request-error">request error</dfn> for
+ exception <var>exception</var> and event <var title="">event</var> run these
+ steps:</p>
+
+ <ol>
+ <li><p><a href="#terminate-the-request">Terminate the request</a>.
+
+ <li><p>Change the state to <a href="#dom-xmlhttprequest-done" title="dom-XMLHttpRequest-DONE">DONE</a>.</li>
+
+ <li><p>If the <a href="#synchronous-flag">synchronous flag</a> is set,
+ <a class="external" href="http://dev.w3.org/2006/webapi/DOM4Core/#concept-throw" title="concept-throw">throw</a> an
+ <var>exception</var> exception.</li>
+
+ <li>
+ <p><a class="external" href="http://dev.w3.org/2006/webapi/DOM4Core/#concept-event-fire" title="concept-event-fire">Fire an event</a> named <code title="event-xhr-readystatechange"><a href="#event-xhr-readystatechange">readystatechange</a></code>.</p>
+
+ <p class="note">At this point it is clear that the
+ <a href="#synchronous-flag">synchronous flag</a> is unset.</p>
+ </li>
+
+
+ <li>
+ <p>If the <a href="#upload-complete-flag">upload complete flag</a> is unset, follow these
+ substeps:</p>
+
+ <ol>
+ <li><p>Set the <a href="#upload-complete-flag">upload complete flag</a>.
+
+ <li><p><a class="external" href="http://dev.w3.org/2006/webapi/progress/#concept-event-fire-progress" title="concept-event-fire-progress">Fire a progress event</a> named
+ <code title="event-xhr-progress"><a href="#event-xhr-progress">progress</a></code> on the <code><a href="#xmlhttprequestupload">XMLHttpRequestUpload</a></code> object.
+
+ <li><p><a class="external" href="http://dev.w3.org/2006/webapi/progress/#concept-event-fire-progress" title="concept-event-fire-progress">Fire a progress event</a> named
+ <var title="">event</var> on the <code><a href="#xmlhttprequestupload">XMLHttpRequestUpload</a></code> object.
+
+ <li><p><a class="external" href="http://dev.w3.org/2006/webapi/progress/#concept-event-fire-progress" title="concept-event-fire-progress">Fire a progress event</a> named
+ <code title="event-xhr-loadend"><a href="#event-xhr-loadend">loadend</a></code> on the <code><a href="#xmlhttprequestupload">XMLHttpRequestUpload</a></code> object.
+ </ol>
+ </li>
+
+ <li><p><a class="external" href="http://dev.w3.org/2006/webapi/progress/#concept-event-fire-progress" title="concept-event-fire-progress">Fire a progress event</a> named <code title="event-xhr-progress"><a href="#event-xhr-progress">progress</a></code>.
+
+ <li><p><a class="external" href="http://dev.w3.org/2006/webapi/progress/#concept-event-fire-progress" title="concept-event-fire-progress">Fire a progress event</a> named <var title="">event</var>.
+
+ <li><p><a class="external" href="http://dev.w3.org/2006/webapi/progress/#concept-event-fire-progress" title="concept-event-fire-progress">Fire a progress event</a> named <code title="event-xhr-loadend"><a href="#event-xhr-loadend">loadend</a></code>.
+ </ol>
+
+ <hr>
+
+ <p>When it is said to
+ <dfn id="switch-headers-received">switch to the HEADERS_RECEIVED state</dfn>
+ run these steps:</p>
+
+ <ol>
+ <li><p>Change the state to <a href="#dom-xmlhttprequest-headers_received" title="dom-XMLHttpRequest-HEADERS_RECEIVED">HEADERS_RECEIVED</a>.</li>
+
+ <li><p><a class="external" href="http://dev.w3.org/2006/webapi/DOM4Core/#concept-event-fire" title="concept-event-fire">Fire an event</a> named <code title="event-xhr-readystatechange"><a href="#event-xhr-readystatechange">readystatechange</a></code>.</li>
+ </ol>
+
+ <p>When it is said to
+ <dfn id="switch-loading">switch to the LOADING state</dfn> run these
+ steps:</p>
+
+ <ol>
+ <li><p>Change the state to <a href="#dom-xmlhttprequest-loading" title="dom-XMLHttpRequest-LOADING">LOADING</a>.</li>
+
+ <li><p><a class="external" href="http://dev.w3.org/2006/webapi/DOM4Core/#concept-event-fire" title="concept-event-fire">Fire an event</a> named <code title="event-xhr-readystatechange"><a href="#event-xhr-readystatechange">readystatechange</a></code>.</li>
+ </ol>
+
+ <p>When it is said to
+ <dfn id="switch-done">switch to the DONE state</dfn> run these steps:</p>
+
+ <ol>
+ <li><p>If the <a href="#synchronous-flag">synchronous flag</a> is set, update the
+ <a href="#response-entity-body">response entity body</a>.</li>
+
+ <li><p>Unset the <a href="#synchronous-flag">synchronous flag</a>.
+
+ <li><p>Change the state to <a href="#dom-xmlhttprequest-done" title="dom-XMLHttpRequest-DONE">DONE</a>.</li>
+
+ <li><p><a class="external" href="http://dev.w3.org/2006/webapi/DOM4Core/#concept-event-fire" title="concept-event-fire">Fire an event</a> named <code title="event-xhr-readystatechange"><a href="#event-xhr-readystatechange">readystatechange</a></code>.</li>
+
+ <li><p><a class="external" href="http://dev.w3.org/2006/webapi/progress/#concept-event-fire-progress" title="concept-event-fire-progress">Fire a progress event</a> named <code title="event-xhr-progress"><a href="#event-xhr-progress">progress</a></code>.
+
+ <li><p><a class="external" href="http://dev.w3.org/2006/webapi/progress/#concept-event-fire-progress" title="concept-event-fire-progress">Fire a progress event</a> named <code title="event-xhr-load"><a href="#event-xhr-load">load</a></code>.</li>
+
+ <li><p><a class="external" href="http://dev.w3.org/2006/webapi/progress/#concept-event-fire-progress" title="concept-event-fire-progress">Fire a progress event</a> named <code title="event-xhr-loadend"><a href="#event-xhr-loadend">loadend</a></code>.</li>
+
+ </ol>
+
+
+ <hr>
+
+ <p>When it is said to <dfn id="make-progress-notifications">make progress notifications</dfn>, while the
+ download is progressing, <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/webappapis.html#queue-a-task">queue a task</a> to
+ <a class="external" href="http://dev.w3.org/2006/webapi/progress/#concept-event-fire-progress" title="concept-event-fire-progress">fire a progress event</a> named <code title="event-xhr-progress"><a href="#event-xhr-progress">progress</a></code>
+ about every 50ms or for every byte received, whichever is <em>least</em>
+ frequent.</p>
+
+ <hr>
+
+ <p>When it is said to <dfn id="make-upload-progress-notifications">make upload progress notifications</dfn> run
+ these steps:</p>
+
+ <ul>
+ <li><p>While the request entity body is being transmitted and the
+ <a href="#upload-complete-flag">upload complete flag</a> is unset,
+ <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/webappapis.html#queue-a-task">queue a task</a> to
+ <a class="external" href="http://dev.w3.org/2006/webapi/progress/#concept-event-fire-progress" title="concept-event-fire-progress">fire a progress event</a> named <code title="event-xhr-progress"><a href="#event-xhr-progress">progress</a></code> on
+ the <code><a href="#xmlhttprequestupload">XMLHttpRequestUpload</a></code> object about every 50ms or for
+ every byte transmitted, whichever is <em>least</em> frequent.</li>
+
+ <li>
+ <p>If the <a href="#request-entity-body">request entity body</a> has been fully transmitted
+ (irrespective of whether the server has started transmitting a response
+ or the status code of such a response) and the
+ <a href="#upload-complete-flag">upload complete flag</a> is still unset,
+ <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/webappapis.html#queue-a-task">queue a task</a> to run these substeps:
+
+ <ol>
+ <li><p>Set the <a href="#upload-complete-flag">upload complete flag</a>.
+
+ <li><p><a class="external" href="http://dev.w3.org/2006/webapi/progress/#concept-event-fire-progress" title="concept-event-fire-progress">Fire a progress event</a> named <code title="event-xhr-progress"><a href="#event-xhr-progress">progress</a></code>
+ on the <code><a href="#xmlhttprequestupload">XMLHttpRequestUpload</a></code> object.
+
+ <li><p><a class="external" href="http://dev.w3.org/2006/webapi/progress/#concept-event-fire-progress" title="concept-event-fire-progress">Fire a progress event</a> named <code title="event-xhr-load"><a href="#event-xhr-load">load</a></code>
+ on the <code><a href="#xmlhttprequestupload">XMLHttpRequestUpload</a></code> object.
+
+ <li><p><a class="external" href="http://dev.w3.org/2006/webapi/progress/#concept-event-fire-progress" title="concept-event-fire-progress">Fire a progress event</a> named <code title="event-xhr-loadend"><a href="#event-xhr-loadend">loadend</a></code>
+ on the <code><a href="#xmlhttprequestupload">XMLHttpRequestUpload</a></code> object.
+ </ol>
+ </ul>
+
+
+
+ <h4 id="the-abort()-method"><span class="secno">4.6.8 </span>The <code title="">abort()</code> method</h4>
+
+ <dl class="domintro">
+ <dt><code><var title="">client</var> . <a href="#dom-xmlhttprequest-abort" title="dom-XMLHttpRequest-abort">abort</a>()</code>
+ <dd>Cancels any network activity.
+ </dl>
+
+<p>The <dfn id="dom-xmlhttprequest-abort" title="dom-XMLHttpRequest-abort"><code>abort()</code></dfn> method must run
+these steps:
+
+ <ol>
+ <li><p><a href="#terminate-the-request">Terminate the request</a>.
+
+ <li>
+ <p>If the state is <a href="#dom-xmlhttprequest-unsent" title="dom-XMLHttpRequest-UNSENT">UNSENT</a>,
+ <a href="#dom-xmlhttprequest-opened" title="dom-XMLHttpRequest-OPENED">OPENED</a> with the
+ <a href="#send-flag"><code>send()</code> flag</a> being unset, or
+ <a href="#dom-xmlhttprequest-done" title="dom-XMLHttpRequest-DONE">DONE</a> go to the next step.</p>
+
+ <p>Otherwise, run these substeps:</p>
+
+ <ol>
+ <li><p>Change the state to <a href="#dom-xmlhttprequest-done" title="dom-XMLHttpRequest-DONE">DONE</a>.</li>
+
+ <li><p>Unset the <a href="#send-flag"><code>send()</code> flag</a>.
+
+ <li><p><a class="external" href="http://dev.w3.org/2006/webapi/DOM4Core/#concept-event-fire" title="concept-event-fire">Fire an event</a> named <code title="event-xhr-readystatechange"><a href="#event-xhr-readystatechange">readystatechange</a></code>.</li>
+
+ <li>
+ <p>If the <a href="#upload-complete-flag">upload complete flag</a> is false run these
+ substeps:</p>
+
+ <ol>
+ <li><p>Set the <a href="#upload-complete-flag">upload complete flag</a> to true.</li>
+
+ <li><p><a class="external" href="http://dev.w3.org/2006/webapi/progress/#concept-event-fire-progress" title="concept-event-fire-progress">Fire a progress event</a> named <code title="event-xhr-progress"><a href="#event-xhr-progress">progress</a></code>
+ on the <code><a href="#xmlhttprequestupload">XMLHttpRequestUpload</a></code> object.
+
+ <li><p><a class="external" href="http://dev.w3.org/2006/webapi/progress/#concept-event-fire-progress" title="concept-event-fire-progress">Fire a progress event</a> named <code title="event-xhr-abort"><a href="#event-xhr-abort">abort</a></code>
+ on the <code><a href="#xmlhttprequestupload">XMLHttpRequestUpload</a></code> object.</li>
+
+ <li><p><a class="external" href="http://dev.w3.org/2006/webapi/progress/#concept-event-fire-progress" title="concept-event-fire-progress">Fire a progress event</a> named <code title="event-xhr-loadend"><a href="#event-xhr-loadend">loadend</a></code>
+ on the <code><a href="#xmlhttprequestupload">XMLHttpRequestUpload</a></code> object.</li>
+ </ol>
+ </li>
+ <li><p><a class="external" href="http://dev.w3.org/2006/webapi/progress/#concept-event-fire-progress" title="concept-event-fire-progress">Fire a progress event</a> named <code title="event-xhr-progress"><a href="#event-xhr-progress">progress</a></code>.
+
+ <li><p><a class="external" href="http://dev.w3.org/2006/webapi/progress/#concept-event-fire-progress" title="concept-event-fire-progress">Fire a progress event</a> named <code title="event-xhr-abort"><a href="#event-xhr-abort">abort</a></code>.
+
+ <li><p><a class="external" href="http://dev.w3.org/2006/webapi/progress/#concept-event-fire-progress" title="concept-event-fire-progress">Fire a progress event</a> named <code title="event-xhr-loadend"><a href="#event-xhr-loadend">loadend</a></code>.
+ </ol>
+ </li>
+
+ <li>
+ <p>Change the state to <a href="#dom-xmlhttprequest-unsent" title="dom-XMLHttpRequest-UNSENT">UNSENT</a>.</p>
+
+ <p class="note">No <code title="event-xhr-readystatechange"><a href="#event-xhr-readystatechange">readystatechange</a></code> event is dispatched.</p>
+ </li>
+ </ol>
+
+
+
+ <h3 id="response"><span class="secno">4.7 </span>Response</h3>
+
+ <p>A <dfn id="concept-response-header" title="concept-response-header">response header</dfn> is a HTTP response header
+ transmitted before the <a href="#response-entity-body">response entity body</a>.
+ <a href="#refsHTTP">[HTTP]</a>
+
+ <p class="note">This excludes trailer fields ("trailers").
+
+
+ <h4 id="the-status-attribute"><span class="secno">4.7.1 </span>The <code title="">status</code> attribute</h4>
+
+ <dl class="domintro">
+ <dt><code><var title="">client</var> . <a href="#dom-xmlhttprequest-status" title="dom-XMLHttpRequest-status">status</a></code>
+ <dd><p>Returns the HTTP status code.
+ </dl>
+
+ <p>The
+ <dfn id="dom-xmlhttprequest-status" title="dom-XMLHttpRequest-status"><code>status</code></dfn>
+ attribute must return the result of running these
+ steps:</p>
+
+ <ol>
+ <li><p>If the state is
+ <a href="#dom-xmlhttprequest-unsent" title="dom-XMLHttpRequest-UNSENT">UNSENT</a> or
+ <a href="#dom-xmlhttprequest-opened" title="dom-XMLHttpRequest-OPENED">OPENED</a>, return 0.
+
+ <li><p>If the <a href="#error-flag">error flag</a> is set, return 0.</li>
+
+ <li><p>Return the HTTP status code.</li>
+ </ol>
+
+
+ <h4 id="the-statustext-attribute"><span class="secno">4.7.2 </span>The <code title="">statusText</code> attribute</h4>
+
+ <dl class="domintro">
+ <dt><code><var title="">client</var> . <a href="#dom-xmlhttprequest-statustext" title="dom-XMLHttpRequest-statusText">statusText</a></code>
+ <dd><p>Returns the HTTP status text.
+ </dl>
+
+ <p>The
+ <dfn id="dom-xmlhttprequest-statustext" title="dom-XMLHttpRequest-statusText"><code>statusText</code></dfn>
+ attribute must return the result of running these steps:
+
+ <ol>
+ <li><p>If the state is
+ <a href="#dom-xmlhttprequest-unsent" title="dom-XMLHttpRequest-UNSENT">UNSENT</a> or
+ <a href="#dom-xmlhttprequest-opened" title="dom-XMLHttpRequest-OPENED">OPENED</a>, return the empty string.
+
+ <li><p>If the <a href="#error-flag">error flag</a> is set, return the empty string.
+
+ <li><p>Return the HTTP status text.
+ </ol>
+
+
+ <h4 id="the-getresponseheader()-method"><span class="secno">4.7.3 </span>The <code title="">getResponseHeader()</code> method</h4>
+
+ <dl class="domintro">
+ <dt><code><var title="">client</var> . <a href="#dom-xmlhttprequest-getresponseheader" title="dom-XMLHttpRequest-getResponseHeader">getResponseHeader</a>(<var title="">header</var>)</code>
+ <dd><p>Returns the header field value from the response of which the
+ field name matches <var title="">header</var>, unless the field name is
+ <code>Set-Cookie</code> or <code>Set-Cookie2</code>.
+ </dl>
+
+ <p>The
+ <dfn id="dom-xmlhttprequest-getresponseheader" title="dom-XMLHttpRequest-getResponseHeader"><code>getResponseHeader(<var title="">header</var>)</code></dfn>
+ method must run these steps:
+
+ <ol>
+ <li><p>If the state is
+ <a href="#dom-xmlhttprequest-unsent" title="dom-XMLHttpRequest-UNSENT">UNSENT</a> or
+ <a href="#dom-xmlhttprequest-opened" title="dom-XMLHttpRequest-OPENED">OPENED</a>, return null.
+
+ <li><p>If the <a href="#error-flag">error flag</a> is set, return null.
+
+ <li><p>If <var>header</var> is a case-insensitive match for
+ <code>Set-Cookie</code> or <code>Set-Cookie2</code>, return null.</li>
+
+ <li><p>If <var>header</var> is a case-insensitive match for multiple
+ <a href="#concept-response-header" title="concept-response-header">response headers</a>, return the values of these
+ headers as a single concatenated string separated from each other by a
+ U+002C COMMA U+0020 SPACE character pair.
+
+ <li><p>If <var>header</var> is a case-insensitive match for a single
+ <a href="#concept-response-header" title="concept-response-header">response header</a>, return the value of that header.
+
+ <li><p>Return null.</li>
+ </ol>
+
+ <p class="note">The Cross-Origin Resource Sharing specification filters
+ <a href="#concept-response-header" title="concept-response-header">response headers</a> exposed by
+ <code title="dom-XMLHttpRequest-getResponseHeader"><a href="#dom-xmlhttprequest-getresponseheader">getResponseHeader()</a></code>
+ for <a class="external" href="http://www.w3.org/TR/cors/#cross-origin-request" title="cross-origin request">cross-origin requests</a>.
+ <a href="#refsCORS">[CORS]</a>
+
+ <div class="example">
+
+ <p>For the following script:</p>
+
+ <pre><code>var client = new XMLHttpRequest();
+client.open("GET", "unicorns-are-teh-awesome.txt", true);
+client.send();
+client.onreadystatechange = function() {
+ if(this.readyState == 2) {
+ print(client.getResponseHeader("Content-Type"));
+ }
+}</code></pre>
+
+ <p>The <code>print()</code> function will get to process something
+ like:</p>
+
+ <pre><code>text/plain; charset=UTF-8</code></pre>
+ </div>
+
+
+ <h4 id="the-getallresponseheaders()-method"><span class="secno">4.7.4 </span>The <code title="">getAllResponseHeaders()</code> method</h4>
+
+ <dl class="domintro">
+ <dt><code><var title="">client</var> . <a href="#dom-xmlhttprequest-getallresponseheaders" title="dom-XMLHttpRequest-getAllResponseHeaders">getAllResponseHeaders</a>()</code>
+ <dd><p>Returns all headers from the response, with the exception of those
+ whose field name is <code>Set-Cookie</code> or
+ <code>Set-Cookie2</code>.
+ </dl>
+
+ <p>The
+ <dfn id="dom-xmlhttprequest-getallresponseheaders" title="dom-XMLHttpRequest-getAllResponseHeaders"><code>getAllResponseHeaders()</code></dfn>
+ method must run these steps:</p>
+
+ <ol>
+ <li><p>If the state is
+ <a href="#dom-xmlhttprequest-unsent" title="dom-XMLHttpRequest-UNSENT">UNSENT</a> or
+ <a href="#dom-xmlhttprequest-opened" title="dom-XMLHttpRequest-OPENED">OPENED</a>, return the empty string.
+
+ <li><p>If the <a href="#error-flag">error flag</a> is set, return the empty string.
+
+ <li><p>Return all <a href="#concept-response-header" title="concept-response-header">response headers</a>, excluding headers that are a
+ case-insensitive match for <code>Set-Cookie</code> or
+ <code>Set-Cookie2</code>, as a single string, with each header line
+ separated by a U+000D CR U+000A LF pair, excluding the status line, and
+ with each header name and header value separated by a
+ U+003A COLON U+0020 SPACE pair.</li>
+ </ol>
+
+ <p class="note">The Cross-Origin Resource Sharing specification filters
+ <a href="#concept-response-header" title="concept-response-header">response headers</a> exposed by
+ <code title="dom-XMLHttpRequest-getAllResponseHeaders"><a href="#dom-xmlhttprequest-getallresponseheaders">getAllResponseHeaders()</a></code>
+ for <a class="external" href="http://www.w3.org/TR/cors/#cross-origin-request" title="cross-origin request">cross-origin requests</a>.
+ <a href="#refsCORS">[CORS]</a>
+
+ <div class="example">
+ <p>For the following script:</p>
+
+ <pre><code>var client = new XMLHttpRequest();
+client.open("GET", "narwhals-too.txt", true);
+client.send();
+client.onreadystatechange = function() {
+ if(this.readyState == 2) {
+ print(this.getAllResponseHeaders());
+ }
+}</code></pre>
+
+ <p>The <code>print()</code> function will get to process something
+ like:</p>
+
+ <pre><code>Date: Sun, 24 Oct 2004 04:58:38 GMT
+Server: Apache/1.3.31 (Unix)
+Keep-Alive: timeout=15, max=99
+Connection: Keep-Alive
+Transfer-Encoding: chunked
+Content-Type: text/plain; charset=utf-8</code></pre>
+ </div>
+
+
+
+ <h4 id="response-entity-body-0"><span class="secno">4.7.5 </span>Response entity body</h4>
+
+ <p>The <dfn id="response-mime-type">response MIME type</dfn> is the
+ MIME type the <code>Content-Type</code> header contains excluding any
+ parameters and
+ <a class="external" href="http://dev.w3.org/2006/webapi/DOM4Core/#converted-to-ascii-lowercase">converted to ASCII lowercase</a>, or null if
+ the response header can not be parsed or was omitted. The
+ <dfn id="override-mime-type">override MIME type</dfn> is initially null
+ and can get a value if
+ <code title="dom-XMLHttpRequest-overrideMimeType"><a href="#dom-xmlhttprequest-overridemimetype">overrideMimeType()</a></code>
+ is invoked. <dfn id="final-mime-type">Final MIME type</dfn> is the
+ <a href="#override-mime-type">override MIME type</a> unless that is null in which case it is
+ the <a href="#response-mime-type">response MIME type</a>.
+
+ <p>The <dfn id="response-charset">response charset</dfn> is the value of
+ the <code>charset</code> parameter of the <code>Content-Type</code> header
+ or null if there was no <code>charset</code> parameter or the header could
+ not be parsed or was omitted. The
+ <dfn id="override-charset">override charset</dfn> is initially null and
+ can get a value if <code title="dom-XMLHttpRequest-overrideMimeType"><a href="#dom-xmlhttprequest-overridemimetype">overrideMimeType()</a></code> is invoked.
+ <dfn id="final-charset">Final charset</dfn> is the
+ <a href="#override-charset">override charset</a> unless
+ that is null in which case it is the <a href="#response-charset">response charset</a>.</p>
+
+
+
+ <hr>
+
+ <p>The <dfn id="response-entity-body">response entity body</dfn> is the
+ fragment of the <a class="external" href="http://tools.ietf.org/html/rfc2616/#section-7.2">entity body</a> of the
+ response received so far
+ (<a href="#dom-xmlhttprequest-loading" title="dom-XMLHttpRequest-LOADING">LOADING</a>) or the complete
+ <a class="external" href="http://tools.ietf.org/html/rfc2616/#section-7.2">entity body</a> of the response
+ (<a href="#dom-xmlhttprequest-done" title="dom-XMLHttpRequest-DONE">DONE</a>). If the response
+ does not have an <a class="external" href="http://tools.ietf.org/html/rfc2616/#section-7.2">entity body</a>, the
+ <a href="#response-entity-body">response entity body</a> is null.</p>
+
+ <p class="note">The <a href="#response-entity-body">response entity body</a> is updated as part
+ of the <code title="dom-XMLHttpRequest-send"><a href="#dom-xmlhttprequest-send">send()</a></code> method and reset by the
+ <code title="dom-XMLHttpRequest-open"><a href="#dom-xmlhttprequest-open">open()</a></code> method.</p>
+
+ <hr>
+
+ <p>The
+ <dfn id="arraybuffer-response-entity-body">arraybuffer response entity body</dfn>
+ is either an <code class="external"><a href="http://www.khronos.org/registry/typedarray/specs/latest/#ARRAYBUFFER">ArrayBuffer</a></code> representing
+ the <a href="#response-entity-body">response entity body</a> or null. If the
+ <a href="#arraybuffer-response-entity-body">arraybuffer response entity body</a> is null, let it be the return value of the
+ following algorithm:</p>
+
+ <ol>
+ <li><p>If the <a href="#response-entity-body">response entity body</a> is null, return an empty
+ <code class="external"><a href="http://www.khronos.org/registry/typedarray/specs/latest/#ARRAYBUFFER">ArrayBuffer</a></code> object.</li>
+
+ <li><p>Return an <code class="external"><a href="http://www.khronos.org/registry/typedarray/specs/latest/#ARRAYBUFFER">ArrayBuffer</a></code>
+ object representing the <a href="#response-entity-body">response entity body</a>.</li>
+ </ol>
+
+
+ <p>The
+ <dfn id="blob-response-entity-body">blob response entity body</dfn> is either a
+ <code class="external"><a href="http://dev.w3.org/2006/webapi/FileAPI/#blob">Blob</a></code> representing the
+ <a href="#response-entity-body">response entity body</a> or null. If the <a href="#blob-response-entity-body">blob response entity body</a>
+ is null, set it to the return value of the following algorithm:</p>
+
+ <ol>
+ <li><p>If the <a href="#response-entity-body">response entity body</a> is null, return an empty
+ <code class="external"><a href="http://dev.w3.org/2006/webapi/FileAPI/#blob">Blob</a></code> object.</li>
+
+ <li><p>Return a <code class="external"><a href="http://dev.w3.org/2006/webapi/FileAPI/#blob">Blob</a></code> object
+ representing the <a href="#response-entity-body">response entity body</a>.
+ </ol>
+
+
+
+ <p>The
+ <dfn id="document-response-entity-body">document response entity body</dfn>
+ is either a <a class="external" href="http://dev.w3.org/2006/webapi/DOM4Core/#concept-document" title="concept-document">document</a>
+ representing the <a href="#response-entity-body">response entity body</a> or null. If the
+ <a href="#document-response-entity-body">document response entity body</a> is null, set it to the return value of the
+ following algorithm:</p>
+
+ <ol>
+ <li><p>If the <a href="#response-entity-body">response entity body</a> is null, return null.</li>
+
+ <li><p>If the
+ <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/infrastructure.html#javascript-global-environment">JavaScript global environment</a> is a
+ <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/webappapis.html#worker-environment">worker environment</a>, return null.
+
+ <li><p>If <a href="#final-mime-type">final MIME type</a> is not null,
+ <code>text/html</code>, <code>text/xml</code>,
+ <code>application/xml</code>, or does not end in
+ <code title="">+xml</code>, return null.
+
+ <li>
+ <p>If <code title="dom-XMLHttpRequest-responseType"><a href="#dom-xmlhttprequest-responsetype">responseType</a></code> is
+ the empty string and <a href="#final-mime-type">final MIME type</a> is
+ <code>text/html</code>, return null.
+
+ <p class="note">This is restricted to
+ <code title="dom-XMLHttpRequest-responseType"><a href="#dom-xmlhttprequest-responsetype">responseType</a></code> being
+ "<code title="">document</code>" in order to prevent breaking legacy
+ content.
+
+ <li>
+ <p>If <a href="#final-mime-type">final MIME type</a> is <code>text/html</code>, run these
+ substeps:
+
+ <ol>
+ <li><p>Let <var>charset</var> be the <a href="#final-charset">final charset</a>.
+
+ <li><p>If <var>charset</var> is null,
+ <span title="prescan a byte stream to determine its encoding">prescan</span>
+ the first 1024 bytes of the <a href="#response-entity-body">response entity body</a> and if
+ that does not terminate unsuccessfully then let <var>charset</var> be
+ the return value.
+
+ <li><p>If <var>charset</var> is null, set <var>charset</var> to
+ <a class="external" href="http://encoding.spec.whatwg.org/#utf-8">utf-8</a>.
+
+ <li><p>Let <var title="">document</var> be a
+ <a class="external" href="http://dev.w3.org/2006/webapi/DOM4Core/#concept-document" title="concept-document">document</a> that
+ represents the result parsing <a href="#response-entity-body">response entity body</a> following the rules set
+ forth in the HTML Standard for an HTML parser with scripting disabled and
+ <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/syntax.html#a-known-definite-encoding">a known definite encoding</a> <var>charset</var>.
+ <a href="#refsHTML">[HTML]</a>
+
+ <li><p>Flag <var title="">document</var> as an
+ <a class="external" href="http://dev.w3.org/2006/webapi/DOM4Core/#html-document">HTML document</a>.
+ </ol>
+
+ <li>
+ <p>Otherwise, let <var title="">document</var> be a
+ <a class="external" href="http://dev.w3.org/2006/webapi/DOM4Core/#concept-document" title="concept-document">document</a>
+ that represents the result of parsing the
+ <a href="#response-entity-body">response entity body</a> following the rules set forth in the
+ XML specifications. If that fails (unsupported character encoding,
+ namespace well-formedness error, etc.), return null.
+ <a href="#refsXML">[XML]</a> <a href="#refsXMLNS">[XMLNS]</a>
+
+ <p class="note">Scripts in the resulting document tree will not be
+ executed, resources referenced will not be loaded and no associated XSLT
+ will be applied.</p> <!-- XXX more formally?! -->
+
+ <li><p>If <var>charset</var> is null, set <var>charset</var> to
+ <a class="external" href="http://encoding.spec.whatwg.org/#utf-8">utf-8</a>.
+ <!-- can only happen in the XML case -->
+
+ <li><p>Set <var title="">document</var>'s
+ <a class="external" href="http://dev.w3.org/2006/webapi/DOM4Core/#concept-document-encoding" title="concept-document-encoding">encoding</a> to
+ <var>charset</var>.
+
+ <li><p>Set <var title="">document</var>'s
+ <a class="external" href="http://dev.w3.org/2006/webapi/DOM4Core/#concept-document-content-type" title="concept-document-content-type">content type</a>
+ to <a href="#final-mime-type">final MIME type</a>.
+
+ <li><p>Set <var title="">document</var>'s
+ <a class="external" href="http://dev.w3.org/2006/webapi/DOM4Core/#concept-document-url" title="concept-document-url">URL</a> to
+ <a href="#request-url">request URL</a>.
+
+ <li><p>Set <var title="">document</var>'s
+ <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/browsers.html#origin">origin</a> to
+ <a href="#source-origin">source origin</a>.
+
+ <li><p>Return <var title="">document</var>.
+ </ol>
+
+<p>The <dfn id="json-response-entity-body">JSON response entity body</dfn> is either a JavaScript value
+representing the <a href="#response-entity-body">response entity body</a>. If the
+<a href="#json-response-entity-body">JSON response entity body</a> is null, set it to the return value of the following
+algorithm:</p>
+
+<ol>
+ <li><p>Let <var title="">JSON text</var> be the result of running
+ <a class="external" href="http://encoding.spec.whatwg.org/#utf-8-decode">utf-8 decode</a> on byte stream
+ <a href="#response-entity-body">response entity body</a>.
+
+ <li><p>Return the result of invoking the initial value of the <code title="">parse</code>
+ property of the <code title="">JSON</code> object defined in JavaScript, with
+ <var title="">JSON text</var> as its only argument, or null if that function
+ throws an exception. <a href="#refsECMASCRIPT">[ECMASCRIPT]</a>
+</ol>
+
+
+ <p>The <dfn id="text-response-entity-body">text response entity body</dfn> is either a
+ string representing the <a href="#response-entity-body">response entity body</a> or null. If the
+ <a href="#text-response-entity-body">text response entity body</a> is null, set it to the return value of the
+ following algorithm:</p>
+
+ <ol>
+ <li><p>If the <a href="#response-entity-body">response entity body</a> is null, return the empty string.</p>
+
+ <li><p>Let <var>charset</var> be the <a href="#final-charset">final charset</a>.
+
+ <li>
+ <p>If <code title="dom-XMLHttpRequest-responseType"><a href="#dom-xmlhttprequest-responsetype">responseType</a></code> is
+ the empty string, <var>charset</var> is null, and
+ <a href="#final-mime-type">final MIME type</a> is either null, <code>text/xml</code>,
+ <code>application/xml</code> or ends in <code title="">+xml</code>, use the
+ rules set forth in the XML specifications to determine the encoding. Let
+ <var>charset</var> be the determined encoding.
+ <a href="#refsXML">[XML]</a> <a href="#refsXMLNS">[XMLNS]</a>
+
+ <p class="note">This is restricted to
+ <code title="dom-XMLHttpRequest-responseType"><a href="#dom-xmlhttprequest-responsetype">responseType</a></code> being
+ the empty string to keep the non-legacy
+ <code title="dom-XMLHttpRequest-responseType"><a href="#dom-xmlhttprequest-responsetype">responseType</a></code> value
+ "<code title="">text</code>" simple.
+
+ <li><p>If <var>charset</var> is null, set <var>charset</var> to
+ <a class="external" href="http://encoding.spec.whatwg.org/#utf-8">utf-8</a>.
+
+ <li><p>Return the result of running
+ <a class="external" href="http://encoding.spec.whatwg.org/#decode">decode</a> on byte stream
+ <a href="#response-entity-body">response entity body</a> using fallback encoding
+ <var>charset</var>.
+ </ol>
+
+ <p class="note">Authors are strongly encouraged to always encode their
+ resources using <a class="external" href="http://encoding.spec.whatwg.org/#utf-8">utf-8</a>.
+
+
+
+ <h4 id="the-overridemimetype()-method"><span class="secno">4.7.6 </span>The <code title="">overrideMimeType()</code> method</h4>
+
+ <dl class="domintro">
+ <dt><code><var title="">client</var> . <a href="#dom-xmlhttprequest-overridemimetype" title="dom-XMLHttpRequest-overrideMimeType">overrideMimeType</a>(<var title="">mime</var>)</code>
+ <dd>
+ <p>Sets the <code>Content-Type</code> header for the response to
+ <var title="">mime</var>.</p>
+
+ <p>Throws an "<code class="external"><a href="http://dev.w3.org/2006/webapi/DOM4Core/#invalidstateerror">InvalidStateError</a></code>"
+ exception if the state is
+ <a href="#dom-xmlhttprequest-loading" title="dom-XMLHttpRequest-LOADING">LOADING</a> or
+ <a href="#dom-xmlhttprequest-done" title="dom-XMLHttpRequest-DONE">DONE</a>.
+
+ <p>Throws a JavaScript <code class="external"><a href="http://dev.w3.org/2006/webapi/WebIDL/#dfn-predefined-exception">TypeError</a></code> if
+ <var title="">mime</var> is not a valid media type.</p>
+ </dd>
+ </dl>
+
+ <p>The
+ <dfn id="dom-xmlhttprequest-overridemimetype" title="dom-XMLHttpRequest-overrideMimeType"><code>overrideMimeType(<var title="">mime</var>)</code></dfn>
+ method must run these steps:
+
+ <ol>
+ <li><p>If the state is
+ <a href="#dom-xmlhttprequest-loading" title="dom-XMLHttpRequest-LOADING">LOADING</a> or
+ <a href="#dom-xmlhttprequest-done" title="dom-XMLHttpRequest-DONE">DONE</a>,
+ <a class="external" href="http://dev.w3.org/2006/webapi/DOM4Core/#concept-throw" title="concept-throw">throw</a> an
+ "<code class="external"><a href="http://dev.w3.org/2006/webapi/DOM4Core/#invalidstateerror">InvalidStateError</a></code>" exception.
+
+ <li><p>If parsing <var title="">mime</var> analogously to the value of
+ the <code>Content-Type</code> header fails,
+ <a class="external" href="http://dev.w3.org/2006/webapi/DOM4Core/#concept-throw" title="concept-throw">throw</a> a JavaScript <code class="external"><a href="http://dev.w3.org/2006/webapi/WebIDL/#dfn-predefined-exception">TypeError</a></code>.
+
+ <li><p>If <var title="">mime</var> is successfully parsed, set
+ <a href="#override-mime-type">override MIME type</a> to its MIME type,
+ excluding any parameters, and
+ <a class="external" href="http://dev.w3.org/2006/webapi/DOM4Core/#converted-to-ascii-lowercase">converted to ASCII lowercase</a>.
+
+ <li><p>If a <code>charset</code> parameter is successfully parsed, set
+ <a href="#override-charset">override charset</a> to its value.</li>
+ </ol>
+
+
+
+ <h4 id="the-responsetype-attribute"><span class="secno">4.7.7 </span>The <code title="">responseType</code> attribute</h4>
+
+ <dl class="domintro">
+ <dt><code><var title="">client</var> . <a href="#dom-xmlhttprequest-responsetype" title="dom-XMLHttpRequest-responseType">responseType</a></code><code> [ = <var title="">value</var> ]</code>
+ <dd>
+ <p>Returns the response type.</p>
+ <p>Can be set to change the response type. Values are:
+ the empty string (default),
+ "<code title="">arraybuffer</code>",
+ "<code title="">blob</code>",
+ "<code title="">document</code>",
+ "<code title="">json</code>", and
+ "<code title="">text</code>".</p>
+ <p>When set: setting to "<code title="">document</code>" is ignored if the
+ <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/infrastructure.html#javascript-global-environment">JavaScript global environment</a> is a
+ <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/webappapis.html#worker-environment">worker environment</a>
+ <p>When set: throws an
+ "<code class="external"><a href="http://dev.w3.org/2006/webapi/DOM4Core/#invalidstateerror">InvalidStateError</a></code>" exception if the
+ state is <a href="#dom-xmlhttprequest-loading" title="dom-XMLHttpRequest-LOADING">LOADING</a> or
+ <a href="#dom-xmlhttprequest-done" title="dom-XMLHttpRequest-DONE">DONE</a>.
+ <p>When set: throws an
+ "<code class="external"><a href="http://dev.w3.org/2006/webapi/DOM4Core/#invalidaccesserror">InvalidAccessError</a></code>" exception if the
+ <a href="#synchronous-flag">synchronous flag</a> is set and the
+ <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/infrastructure.html#javascript-global-environment">JavaScript global environment</a> is a
+ <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/webappapis.html#document-environment">document environment</a>.
+ </dl>
+
+
+ <p>The
+ <dfn id="dom-xmlhttprequest-responsetype" title="dom-XMLHttpRequest-responseType"><code>responseType</code></dfn>
+ attribute must return its value. Initially its value must be the empty
+ string.
+
+ <p>Setting the
+ <code title="dom-XMLHttpRequest-responseType"><a href="#dom-xmlhttprequest-responsetype">responseType</a></code>
+ attribute must run these steps:
+
+ <ol>
+ <li><p>If the state is
+ <a href="#dom-xmlhttprequest-loading" title="dom-XMLHttpRequest-LOADING">LOADING</a> or
+ <a href="#dom-xmlhttprequest-done" title="dom-XMLHttpRequest-DONE">DONE</a>,
+ <a class="external" href="http://dev.w3.org/2006/webapi/DOM4Core/#concept-throw" title="concept-throw">throw</a> an
+ "<code class="external"><a href="http://dev.w3.org/2006/webapi/DOM4Core/#invalidstateerror">InvalidStateError</a></code>" exception.
+
+ <li><p>If the
+ <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/infrastructure.html#javascript-global-environment">JavaScript global environment</a> is a
+ <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/webappapis.html#document-environment">document environment</a> and the
+ <a href="#synchronous-flag">synchronous flag</a> is set,
+ <a class="external" href="http://dev.w3.org/2006/webapi/DOM4Core/#concept-throw" title="concept-throw">throw</a> an
+ "<code class="external"><a href="http://dev.w3.org/2006/webapi/DOM4Core/#invalidaccesserror">InvalidAccessError</a></code>" exception.
+
+ <li><p>If the
+ <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/infrastructure.html#javascript-global-environment">JavaScript global environment</a> is a
+ <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/webappapis.html#worker-environment">worker environment</a> and the given
+ value is "<code title="">document</code>", terminate these steps.
+
+ <li><p>Set the
+ <code title="dom-XMLHttpRequest-responseType"><a href="#dom-xmlhttprequest-responsetype">responseType</a></code>
+ attribute's value to the given value.</li>
+ </ol>
+
+
+
+
+ <h4 id="the-response-attribute"><span class="secno">4.7.8 </span>The <code title="">response</code> attribute</h4>
+
+ <dl class="domintro">
+ <dt><code><var title="">client</var> . <a href="#dom-xmlhttprequest-response" title="dom-XMLHttpRequest-response">response</a></code>
+ <dd><p>Returns the <a href="#response-entity-body">response entity body</a>.
+ </dl>
+
+ <p>The
+ <dfn id="dom-xmlhttprequest-response" title="dom-XMLHttpRequest-response"><code>response</code></dfn>
+ attribute must return the result of running these
+ steps:</p>
+
+ <dl class="switch">
+ <dt>If <code title="dom-XMLHttpRequest-responseType"><a href="#dom-xmlhttprequest-responsetype">responseType</a></code>
+ is the empty string or "<code title="">text</code>"</dt>
+ <dd>
+ <ol>
+ <li><p>If the state is not
+ <a href="#dom-xmlhttprequest-loading" title="dom-XMLHttpRequest-LOADING">LOADING</a> or
+ <a href="#dom-xmlhttprequest-done" title="dom-XMLHttpRequest-DONE">DONE</a>, return the empty string.</li>
+
+ <li><p>If the <a href="#error-flag">error flag</a> is set, return the empty string.</li>
+
+ <li><p>Return the <a href="#text-response-entity-body">text response entity body</a>.</li>
+ </ol>
+ </dd>
+ <dt>Otherwise</dt>
+ <dd>
+ <ol>
+ <li><p>If the state is not
+ <a href="#dom-xmlhttprequest-done" title="dom-XMLHttpRequest-DONE">DONE</a>, return null.</li>
+
+ <li><p>If the <a href="#error-flag">error flag</a> is set, return null.</li>
+
+ <li>
+ <dl class="switch">
+ <dt>If
+ <code title="dom-XMLHttpRequest-responseType"><a href="#dom-xmlhttprequest-responsetype">responseType</a></code> is
+ "<code title="">arraybuffer</code>"</dt>
+ <dd><p>Return the
+ <a href="#arraybuffer-response-entity-body">arraybuffer response entity body</a>.</dd>
+
+ <dt>If
+ <code title="dom-XMLHttpRequest-responseType"><a href="#dom-xmlhttprequest-responsetype">responseType</a></code> is
+ "<code title="">blob</code>"</dt>
+ <dd><p>Return the
+ <a href="#blob-response-entity-body">blob response entity body</a>.</dd>
+
+ <dt>If
+ <code title="dom-XMLHttpRequest-responseType"><a href="#dom-xmlhttprequest-responsetype">responseType</a></code> is
+ "<code title="">document</code>"</dt>
+ <dd><p>Return the
+ <a href="#document-response-entity-body">document response entity body</a>.</dd>
+
+ <dt>If
+ <code title="dom-XMLHttpRequest-responseType"><a href="#dom-xmlhttprequest-responsetype">responseType</a></code> is
+ "<code title="">json</code>"</dt>
+ <dd><p>Return the
+ <a href="#json-response-entity-body">JSON response entity body</a>.</dd>
+ </dl>
+ </li>
+ </ol>
+ </dd>
+ </dl>
+
+
+
+ <h4 id="the-responsetext-attribute"><span class="secno">4.7.9 </span>The <code title="">responseText</code> attribute</h4>
+
+ <dl class="domintro">
+ <dt><code><var title="">client</var> . <a href="#dom-xmlhttprequest-responsetext" title="dom-XMLHttpRequest-responseText">responseText</a></code>
+ <dd>
+ <p>Returns the <a href="#text-response-entity-body">text response entity body</a>.
+
+ <p>Throws an "<code class="external"><a href="http://dev.w3.org/2006/webapi/DOM4Core/#invalidstateerror">InvalidStateError</a></code>"
+ exception if
+ <code title="dom-XMLHttpRequest-responseType"><a href="#dom-xmlhttprequest-responsetype">responseType</a></code> is not
+ the empty string or "<code title="">text</code>".
+ </dl>
+
+ <p>The
+ <dfn id="dom-xmlhttprequest-responsetext" title="dom-XMLHttpRequest-responseText"><code>responseText</code></dfn>
+ attribute must return the result of running these
+ steps:</p>
+
+ <ol>
+
+ <li><p>If
+ <code title="dom-XMLHttpRequest-responseType"><a href="#dom-xmlhttprequest-responsetype">responseType</a></code> is not
+ the empty string or "<code title="">text</code>",
+ <a class="external" href="http://dev.w3.org/2006/webapi/DOM4Core/#concept-throw" title="concept-throw">throw</a> an
+ "<code class="external"><a href="http://dev.w3.org/2006/webapi/DOM4Core/#invalidstateerror">InvalidStateError</a></code>" exception.
+
+
+ <li><p>If the state is not
+ <a href="#dom-xmlhttprequest-loading" title="dom-XMLHttpRequest-LOADING">LOADING</a> or
+ <a href="#dom-xmlhttprequest-done" title="dom-XMLHttpRequest-DONE">DONE</a>, return the empty string.</li>
+
+ <li><p>If the <a href="#error-flag">error flag</a> is set, return the empty string.</li>
+
+ <li><p>Return the <a href="#text-response-entity-body">text response entity body</a>.</li>
+ </ol>
+
+
+ <h4 id="the-responsexml-attribute"><span class="secno">4.7.10 </span>The <code title="">responseXML</code> attribute</h4>
+
+ <dl class="domintro">
+ <dt><code><var title="">client</var> . <a href="#dom-xmlhttprequest-responsexml" title="dom-XMLHttpRequest-responseXML">responseXML</a></code>
+ <dd>
+ <p>Returns the <a href="#document-response-entity-body">document response entity body</a>.</p>
+
+ <p>Throws an "<code class="external"><a href="http://dev.w3.org/2006/webapi/DOM4Core/#invalidstateerror">InvalidStateError</a></code>"
+ exception if
+ <code title="dom-XMLHttpRequest-responseType"><a href="#dom-xmlhttprequest-responsetype">responseType</a></code> is not
+ the empty string or "<code title="">document</code>".
+ </dl>
+
+ <p>The
+ <dfn id="dom-xmlhttprequest-responsexml" title="dom-XMLHttpRequest-responseXML"><code>responseXML</code></dfn>
+ attribute must return the result of running these steps:</p>
+
+ <ol>
+
+ <li><p>If
+ <code title="dom-XMLHttpRequest-responseType"><a href="#dom-xmlhttprequest-responsetype">responseType</a></code> is not
+ the empty string or "<code title="">document</code>",
+ <a class="external" href="http://dev.w3.org/2006/webapi/DOM4Core/#concept-throw" title="concept-throw">throw</a> an
+ "<code class="external"><a href="http://dev.w3.org/2006/webapi/DOM4Core/#invalidstateerror">InvalidStateError</a></code>" exception.</li>
+
+
+ <li><p>If the state is not
+ <a href="#dom-xmlhttprequest-done" title="dom-XMLHttpRequest-DONE">DONE</a>, return null.
+
+ <li><p>If the <a href="#error-flag">error flag</a> is set, return null.
+
+ <li><p>Return the <a href="#document-response-entity-body">document response entity body</a>.</li>
+ </ol>
+
+
+ <p class="note">The
+ <code title="dom-XMLHttpRequest-responseXML"><a href="#dom-xmlhttprequest-responsexml">responseXML</a></code> attribute
+ has XML in its name for historical reasons. It also returns HTML resources
+ as documents.</p>
+
+
+ <h3 id="events"><span class="secno">4.8 </span>Events summary</h3>
+
+ <p><em>This section is non-normative.</em></p>
+
+ <p>The following events are dispatched on <code><a href="#xmlhttprequest">XMLHttpRequest</a></code>
+ and/or <code><a href="#xmlhttprequestupload">XMLHttpRequestUpload</a></code> objects:</p>
+
+ <table>
+ <thead>
+ <tr>
+ <th>Event name</th>
+ <th>Interface</th>
+ <th>Dispatched when…</th>
+ </tr>
+ </thead>
+ <tbody>
+ <tr>
+ <td><dfn id="event-xhr-readystatechange" title="event-xhr-readystatechange"><code>readystatechange</code></dfn></td>
+ <td><code class="external"><a href="http://dev.w3.org/2006/webapi/DOM4Core/#event">Event</a></code></td>
+ <td>The <code title="dom-XMLHttpRequest-readyState"><a href="#dom-xmlhttprequest-readystate">readyState</a></code> attribute changes
+ value, except when it changes to <a href="#dom-xmlhttprequest-unsent" title="dom-XMLHttpRequest-UNSENT">UNSENT</a>.
+ </tr>
+ <tr>
+ <td><dfn id="event-xhr-loadstart" title="event-xhr-loadstart"><code>loadstart</code></dfn></td>
+ <td><code class="external"><a href="http://dev.w3.org/2006/webapi/progress/#progressevent">ProgressEvent</a></code></td>
+ <td>The request starts.</td>
+ </tr>
+ <tr>
+ <td><dfn id="event-xhr-progress" title="event-xhr-progress"><code>progress</code></dfn></td>
+ <td><code class="external"><a href="http://dev.w3.org/2006/webapi/progress/#progressevent">ProgressEvent</a></code></td>
+ <td>Transmitting data.</td>
+ </tr>
+ <tr>
+ <td><dfn id="event-xhr-abort" title="event-xhr-abort"><code>abort</code></dfn></td>
+ <td><code class="external"><a href="http://dev.w3.org/2006/webapi/progress/#progressevent">ProgressEvent</a></code></td>
+ <td>The request has been aborted. For instance, by invoking the
+ <code title="dom-XMLHttpRequest-abort"><a href="#dom-xmlhttprequest-abort">abort()</a></code> method.</td>
+ </tr>
+ <tr>
+ <td><dfn id="event-xhr-error" title="event-xhr-error"><code>error</code></dfn></td>
+ <td><code class="external"><a href="http://dev.w3.org/2006/webapi/progress/#progressevent">ProgressEvent</a></code></td>
+ <td>The request has failed.</td>
+ </tr>
+ <tr>
+ <td><dfn id="event-xhr-load" title="event-xhr-load"><code>load</code></dfn></td>
+ <td><code class="external"><a href="http://dev.w3.org/2006/webapi/progress/#progressevent">ProgressEvent</a></code></td>
+ <td>The request has successfully completed.</td>
+ </tr>
+ <tr>
+ <td><dfn id="event-xhr-timeout" title="event-xhr-timeout"><code>timeout</code></dfn></td>
+ <td><code class="external"><a href="http://dev.w3.org/2006/webapi/progress/#progressevent">ProgressEvent</a></code></td>
+ <td>The author specified timeout has passed before the request
+ completed.</td>
+ </tr>
+ <tr>
+ <td><dfn id="event-xhr-loadend" title="event-xhr-loadend"><code>loadend</code></dfn></td>
+ <td><code class="external"><a href="http://dev.w3.org/2006/webapi/progress/#progressevent">ProgressEvent</a></code></td>
+ <td>The request has completed (either in success or failure).</td>
+ </tr>
+ </tbody>
+ </table>
+
+
+
+<h2 id="interface-formdata"><span class="secno">5 </span>Interface <code title="">FormData</code></h2>
+
+<pre class="idl">[<a href="#dom-formdata" title="dom-FormData">Constructor</a>(optional <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/forms.html#htmlformelement">HTMLFormElement</a> <var>form</var>)]
+interface <dfn id="formdata">FormData</dfn> {
+ void <a href="#dom-formdata-append" title="dom-FormData-append">append</a>([EnsureUTF16] DOMString <var>name</var>, <a class="external" href="http://dev.w3.org/2006/webapi/FileAPI/#blob">Blob</a> <var>value</var>, optional [EnsureUTF16] DOMString <var>filename</var>);
+ void <a href="#dom-formdata-append" title="dom-FormData-append">append</a>([EnsureUTF16] DOMString <var>name</var>, [EnsureUTF16] DOMString <var>value</var>);
+};</pre>
+
+<p>If the <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/infrastructure.html#javascript-global-environment">JavaScript global environment</a> is a
+<a class="external" href="http://www.w3.org/html/wg/drafts/html/master/webappapis.html#worker-environment">worker environment</a>, <code><a href="#formdata">FormData</a></code> must be
+<a class="external" href="http://www.w3.org/html/wg/drafts/html/master/infrastructure.html#exposed-to-javascript">exposed to JavaScript</a> as if the constructor part of the
+IDL reads <code title="">[Constructor]</code> (i.e. has no arguments).
+<!-- maybe move this into IDL at some point -->
+
+<p>The <code><a href="#formdata">FormData</a></code> object represents an ordered list of
+<dfn id="concept-formdata-entry" title="concept-FormData-entry">entries</dfn>. Each
+<a href="#concept-formdata-entry" title="concept-FormData-entry">entry</a> consists of a
+<dfn id="concept-formdata-entry-name" title="concept-FormData-entry-name">name</dfn> and a
+<dfn id="concept-formdata-entry-value" title="concept-FormData-entry-value">value</dfn>.
+
+<p>For the purposes of interaction with other algorithms, an
+<a href="#concept-formdata-entry" title="concept-FormData-entry">entry</a>'s type is "string" if
+<a href="#concept-formdata-entry-value" title="concept-FormData-entry-value">value</a> is a string and "file" otherwise. If
+an <a href="#concept-formdata-entry" title="concept-FormData-entry">entry</a>'s type is "file", its filename is the
+value of <a href="#concept-formdata-entry" title="concept-FormData-entry">entry</a>'s
+<a href="#concept-formdata-entry-value" title="concept-FormData-entry-value">value</a>'s
+<code class="external" title="dom-File-name"><a href="http://dev.w3.org/2006/webapi/FileAPI/#dfn-name">name</a></code> attribute.
+
+<dl class="domintro">
+ <dt><code><var title="">fd</var> = new <a href="#dom-formdata" title="dom-FormData">FormData</a>([<var title="">form</var>])</code>
+ <dd><p>Returns a new <code><a href="#formdata">FormData</a></code> object, optionally initialized with the
+ <a href="#concept-formdata-entry" title="concept-FormData-entry">entries</a> from <var title="">form</var> (if given).
+
+ <dt><code><var title="">fd</var> . <a href="#dom-formdata-append" title="dom-FormData-append">append</a>(<var title="">name</var>, <var title="">value</var> [, <var title="">filename</var>])</code>
+ <dd><p>Appends a new <a href="#concept-formdata-entry" title="concept-FormData-entry">entry</a> to the
+ <code><a href="#formdata">FormData</a></code> object.
+</dl>
+
+ <p>The
+ <dfn id="dom-formdata" title="dom-FormData"><code>FormData(<var>form</var>)</code></dfn>
+ constructor must run these steps:
+
+ <ol>
+ <li><p>Let <var title="">fd</var> be a new <code><a href="#formdata">FormData</a></code> object.
+
+ <li><p>If <var>form</var> is given, set <var title="">fd</var>'s
+ <a href="#concept-formdata-entry" title="concept-FormData-entry">entries</a> to the result of
+ <a class="external" href="http://www.w3.org/html/wg/drafts/html/master/forms.html#constructing-the-form-data-set">constructing the form data set</a> for <var>form</var>.
+
+ <li><p>Return <var title="">fd</var>.
+ </ol>
+
+<p>The
+<dfn id="dom-formdata-append" title="dom-FormData-append"><code>append(<var>name</var>, <var>value</var>, <var>filename</var>)</code></dfn>
+method must run these steps:
+
+<ol>
+ <li><p>Let <var title="">entry</var> be a new
+ <a href="#concept-formdata-entry" title="concept-FormData-entry">entry</a>.
+
+ <li><p>Set <var title="">entry</var>'s <a href="#concept-formdata-entry-name" title="concept-FormData-entry-name">name</a>
+ to <var>name</var>.
+
+ <li><p>If <var>value</var> is a <code class="external"><a href="http://dev.w3.org/2006/webapi/FileAPI/#blob">Blob</a></code>, set
+ <var>value</var> to a new <code class="external"><a href="http://dev.w3.org/2006/webapi/FileAPI/#file">File</a></code> object whose
+ <code class="external" title="dom-File-name"><a href="http://dev.w3.org/2006/webapi/FileAPI/#dfn-name">name</a></code> attribute value is
+ "<code title="">blob</code>".
+
+ <li><p>If <var>value</var> is a <code class="external"><a href="http://dev.w3.org/2006/webapi/FileAPI/#file">File</a></code> and
+ <var title="">filename</var> is given, set <var>value</var>'s
+ <code class="external" title="dom-File-name"><a href="http://dev.w3.org/2006/webapi/FileAPI/#dfn-name">name</a></code> attribute value to
+ <var title="">filename</var>.
+
+ <li><p>Set <var title="">entry</var>'s <a href="#concept-formdata-entry-value" title="concept-FormData-entry-value">value</a>
+ to <var>value</var>.
+
+ <li><p>Append <var title="">entry</var> to <code><a href="#formdata">FormData</a></code> object's list of
+ <a href="#concept-formdata-entry" title="concept-FormData-entry">entries</a>.
+</ol>
+
+<h2 class="no-num" id="references">References</h2>
+<div id="anolis-references"><dl><dt id="refsCOOKIES">[COOKIES]
+<dd><cite><a href="http://tools.ietf.org/html/rfc6265">HTTP State Management Mechanism</a></cite>, Adam Barth. IETF.
+
+<dt id="refsCORS">[CORS]
+<dd><cite><a href="http://www.w3.org/TR/cors/">Cross-Origin Resource Sharing</a></cite>, Anne van Kesteren. W3C.
+
+<dt id="refsDOM">[DOM]
+<dd><cite><a href="http://www.w3.org/TR/dom/">DOM</a></cite>, Anne van Kesteren, Aryeh Gregor, Ms2ger et al.. W3C.
+
+<dt id="refsDOMPS">[DOMPS]
+<dd><cite><a href="http://www.w3.org/TR/DOM-Parsing/">DOM Parsing and Serialization</a></cite>, Travis Leithead and Ms2ger. W3C.
+
+<dt id="refsECMASCRIPT">[ECMASCRIPT]
+<dd><cite><a href="http://www.ecma-international.org/publications/standards/Ecma-262.htm">ECMAScript Language Specification</a></cite>. ECMA.
+
+<dt id="refsENCODING">[ENCODING]
+<dd><cite><a href="http://encoding.spec.whatwg.org/">Encoding Standard</a></cite>, Anne van Kesteren. WHATWG.
+
+<dt id="refsFILEAPI">[FILEAPI]
+<dd><cite><a href="http://www.w3.org/TR/FileAPI/">File API</a></cite>, Arun Ranganathan and Jonas Sicking. W3C.
+
+<dt id="refsHTML">[HTML]
+<dd><cite><a href="http://www.w3.org/TR/html5/">HTML</a></cite>, Robin Berjon, Travis Leithead, Erika Doyle Navara et al.. W3C.
+
+<dt id="refsHTTP">[HTTP]
+<dd><cite><a href="http://tools.ietf.org/html/rfc2616">Hypertext Transfer Protocol -- HTTP/1.1</a></cite>, Roy Fielding, James Gettys, Jeffrey Mogul et al.. IETF.
+
+<dt id="refsHTTPAUTH">[HTTPAUTH]
+<dd><cite><a href="http://tools.ietf.org/html/rfc2617">HTTP Authentication: Basic and Digest Access Authentication</a></cite>, J. Franks, Phillip Hallam-Baker, J. Hostetler et al.. IETF.
+
+<dt id="refsHTTPVERBSEC">[HTTPVERBSEC]
+<dd><cite><a href="http://www.kb.cert.org/vuls/id/867593">Multiple vendors' web servers enable HTTP TRACE method by default</a></cite>. US-CERT.
+
+<dd><cite><a href="http://www.kb.cert.org/vuls/id/288308">Microsoft Internet Information Server (IIS) vulnerable to cross-site scripting via HTTP TRACK method</a></cite>. US-CERT.
+
+<dd><cite><a href="http://www.kb.cert.org/vuls/id/150227">HTTP proxy default configurations allow arbitrary TCP connections</a></cite>. US-CERT.
+
+<dt id="refsPROGRESSEVENTS">[PROGRESSEVENTS]
+<dd><cite><a href="http://www.w3.org/TR/progress-events/">Progress Events</a></cite>, Anne van Kesteren, Charles McCathieNevile and Jungkee Song. W3C.
+
+<dt id="refsRFC2119">[RFC2119]
+<dd><cite><a href="http://tools.ietf.org/html/rfc2119">Key words for use in RFCs to Indicate Requirement Levels</a></cite>, Scott Bradner. IETF.
+
+<dt id="refsTYPEDARRAY">[TYPEDARRAY]
+<dd><cite><a href="http://www.khronos.org/registry/typedarray/specs/latest/">Typed Array</a></cite>, David Herman and Kenneth Russell. Khronos.
+
+<dt id="refsURL">[URL]
+<dd><cite><a href="http://url.spec.whatwg.org/">URL Standard</a></cite>, Anne van Kesteren. WHATWG.
+
+<dt id="refsWEBIDL">[WEBIDL]
+<dd><cite><a href="http://dev.w3.org/2006/webapi/WebIDL/">Web IDL</a></cite>, Cameron McCormack. W3C.
+
+<dt id="refsXML">[XML]
+<dd><cite><a href="http://www.w3.org/TR/xml/">Extensible Markup Language</a></cite>, Tim Bray, Jean Paoli, C. M. Sperberg-McQueen et al.. W3C.
+
+<dt id="refsXMLNS">[XMLNS]
+<dd><cite><a href="http://www.w3.org/TR/xml-names/">Namespaces in XML</a></cite>, Tim Bray, Dave Hollander, Andrew Layman et al.. W3C.
+
+</dl></div>
+
+
+ <h2 class="no-num" id="acknowledgments">Acknowledgments</h2>
+
+ <p>The editor would like to thank
+
+ Addison Phillips,
+ Adrian Bateman,
+ Ahmed Kamel,
+ Alex Hopmann,
+ Alex Vincent,
+ Alexey Proskuryakov,
+ Andrea Marchesini,
+ Asbjørn Ulsberg,
+ Boris Zbarsky,
+ Björn Höhrmann,
+ Cameron McCormack,
+ Chris Marrin,
+ Christophe Jolif,
+ Charles McCathieNevile,
+ Dan Winship,
+ David Andersson,
+ David Flanagan,
+ David Håsäther,
+ David Levin,
+ Dean Jackson,
+ Denis Sureau,
+ Dominik Röttsches,
+ Doug Schepers,
+ Douglas Livingstone,
+ Elliott Sprehn,
+ Elliotte Harold,
+ Eric Lawrence,
+ Eric Uhrhane,
+ Erik Arvidsson
+ Erik Dahlström,
+ Feras Moussa,
+ Geoffrey Sneddon,
+ Gideon Cohn,
+ Glenn Adams,
+ Gorm Haug Eriksen,
+ Håkon Wium Lie,
+ Hallvord R. M. Steen,
+ Henri Sivonen,
+ Huub Schaeks,
+ Ian Davis,
+ Ian Hickson,
+ Ivan Herman,
+ Jarred Nicholls,
+ Jeff Walden,
+ Jens Lindström,
+ Jim Deegan,
+ Jim Ley,
+ Joe Farro,
+ Jonas Sicking,
+ Julian Reschke,
+ 송정기 (Jungkee Song),
+ 呂康豪 (Kang-Hao Lu),
+ Karl Dubost,
+ Lachlan Hunt,
+ Maciej Stachowiak,
+ Magnus Kristiansen,
+ Marc Hadley,
+ Marcos Caceres,
+ Mark Baker,
+ Mark Birbeck,
+ Mark Nottingham,
+ Mark S. Miller,
+ Martin Hassman,
+ Mohamed Zergaoui,
+ Ms2ger,
+ Odin Hørthe Omdal,
+ Olli Pettay,
+ Pawel Glowacki,
+ Peter Michaux,
+ Philip Taylor,
+ Robin Berjon,
+ Rune F. Halvorsen,
+ Ruud Steltenpool,
+ Sergiu Dumitriu,
+ Sigbjørn Finne,
+ Simon Pieters,
+ Stewart Brodie,
+ Sunava Dutta,
+ Takeshi Yoshino,
+ Thomas Roessler,
+ Tom Magliery,
+ Travis Leithead
+ Yehuda Katz, and
+ Zhenbin Xu
+
+ for their contributions to this specification.</p>
+
+ <p>Special thanks to the Microsoft employees who first implemented the
+ <code title="">XMLHttpRequest</code> interface, which was first widely
+ deployed by the Windows Internet Explorer browser.</p>
+
+ <p>Special thanks also to the WHATWG for drafting an initial version of
+ this specification in their Web Applications 1.0 document (now renamed to
+ HTML). <a href="#refsHTML">[HTML]</a></p>
+
+ <p>Special thanks to Anne van Kesteren who has provided nearly all the contents until he stepped down as a W3C editor and is now in succession providing discussions and contents as the editor of the XMLHttpRequest Living Standard in WHATWG which this version of the specification pursues convergence.</p>
+
+ <p>Thanks also to all those who have helped to improve this specification
+ by sending suggestions and corrections. (Please, keep bugging us with your
+ issues!)</p>
+
+