I am facing problem that whenever I turn off security settings in IE8, in my application, xmlHTTPRequest call is failed.However when I turn it on, its working fine. The security feature is : Tools -> Internet Options -> Advance -> security -> Enable Native xmlHTTP support. If it is checked then no problem occurs but in case if it is not checked, the xmlHTTPReq fails to send request to server.(I don't see the cgi call in debugger window).

So my question is : is it possible to detect that this security settings is enabled or not using JavaScript programatically ?

My code for cgi call is as under :

try{
        var xmlHttpReq;
        var destinationURL = cgiBinPath+"helloworld.cgi?start";
        // IE 7+, Mozilla/Safari
        if (window.XMLHttpRequest) {
            xmlHttpReq=new XMLHttpRequest();
        }
        //IE 5,6
        else {
            xmlHttpReq = new ActiveXObject("Microsoft.XMLHTTP");
        }
        if (xmlHttpReq.readyState == 0){
            xmlHttpReq.open('GET', destinationURL, true);
            xmlHttpReq.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
            xmlHttpReq.onreadystatechange = function(){
                if(xmlHttpReq.readyState == 4){
                  //Control never reaches here
                }
            }               
            xmlHttpReq.send();
        }
    }catch(e){
        alert('Exception '+e);
    }  

I am facing problem that whenever I turn off security settings in IE8, in my application, xmlHTTPRequest call is failed.However when I turn it on, its working fine. The security feature is : Tools -> Internet Options -> Advance -> security -> Enable Native xmlHTTP support. If it is checked then no problem occurs but in case if it is not checked, the xmlHTTPReq fails to send request to server.(I don't see the cgi call in debugger window).

So my question is : is it possible to detect that this security settings is enabled or not using JavaScript programatically ?

My code for cgi call is as under :

try{
        var xmlHttpReq;
        var destinationURL = cgiBinPath+"helloworld.cgi?start";
        // IE 7+, Mozilla/Safari
        if (window.XMLHttpRequest) {
            xmlHttpReq=new XMLHttpRequest();
        }
        //IE 5,6
        else {
            xmlHttpReq = new ActiveXObject("Microsoft.XMLHTTP");
        }
        if (xmlHttpReq.readyState == 0){
            xmlHttpReq.open('GET', destinationURL, true);
            xmlHttpReq.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
            xmlHttpReq.onreadystatechange = function(){
                if(xmlHttpReq.readyState == 4){
                  //Control never reaches here
                }
            }               
            xmlHttpReq.send();
        }
    }catch(e){
        alert('Exception '+e);
    }  

• javascript
• security
• internet-explorer-8
• xmlhttprequest

• No sane person disables this setting – ThiefMaster Commented Nov 1, 2011 at 9:23

1 Answer 1

Take a look at this article about native XMLHTTP on MSDN. It also provides a solution for your problem.

Edit I'm sorry, I didn't read the article carefully enough... This one will answer your question. You will have to try if you can create an instance of the XMLHttpRequest object.

if (window.XMLHttpRequest) {
    try {
        xmlHttpReq = new XMLHttpRequest();
    } catch (ex) {
        xmlHttpReq = new window.ActiveXObject("Microsoft.XMLHTTP");
    }
} else {
    //...
}