XMLHttpRequest (XHR)

• Introduction
• An example XHR request
• Additional open() parameters
• onreadystatechange
• Aborting an XHR request
• Comparison with jQuery
• Comparison with Fetch
• Cross Domain Requests
• Uploading files using XHR

Introduction

The introduction of XMLHttpRequest (XHR) in browsers in the mid 2000’s was a huge win for the Web Platform. Let’s see how it works.

Things that now look normal, back in the day, looked like they were coming from the future. I’m talking about GMail or Google Maps, for example, which were all based in great part on XHR.

XHR was invented at Microsoft in the nineties, and became a de-facto standard as all browsers implemented it in the 2002-2006 period. The W3C standardized XMLHttpRequest in 2006.

As it sometimes can happen in the Web Platform, initially there were a few inconsistencies that made working with XHR quite different cross-browser.

Libraries like jQuery got a boost of popularity by providing an easy to use abstraction for developers, and this in turn helped spread the usage of this technology.

An example XHR request

The following code creates an XMLHttpRequest (XHR) request object, and attaches a callback function that responds on the onreadystatechange event.

The xhr connection is set up to perform a GET request to https://yoursite.com, and it’s started with the send() method:

const xhr = new XMLHttpRequest()
xhr.onreadystatechange = () => {
  if (xhr.readyState === 4) {
    xhr.status === 200 ? console.log(xhr.responseText) : console.error('error')
  }
}
xhr.open('GET', 'https://yoursite.com')
xhr.send()

Additional open() parameters

In the example above we just passed the method and the URL to the request.

We can also specify the other HTTP methods - (get, post, head, put, delete, options).

Other parameters let you specify a flag to make the request synchronous if set to false, and a set of credentials for HTTP authentication:

open(method, url, asynchronous, username, password)

onreadystatechange

The onreadystatechange is called multiple times during an XHR request. We explicitly ignore all the states other than readyState === 4, which means that the request is done.

The states are

• 1 (OPENED): the request starts
• 2 (HEADERS_RECEIVED): the HTTP headers have been received
• 3 (LOADING): the response begins to download
• 4 (DONE): the response has been downloaded

Aborting an XHR request

An XHR request can be aborted by calling the abort() method on the xhr object.

Comparison with jQuery

With jQuery these lines can be translated to:

$.get('https://yoursite.com', data => {
  console.log(data)
}).fail(err => {
  console.error(err)
})

Comparison with Fetch

With the Fetch API this is the equivalent code:

fetch('https://yoursite.com')
  .then(data => {
    console.log(data)
  })
  .catch(err => {
    console.error(err)
  })

Cross Domain Requests

Note that an XMLHttpRequest connection is subject to specific limits that are enforced for security reasons.

One of the most obvious is the enforcement of the same origin policy.

You cannot access resources on another server, unless the server explicitly supports this using CORS (Cross Origin Resource Sharing).

Uploading files using XHR

Check out my tutorial on how to upload files using XHR.

More browser tutorials:

• Some useful tricks available in HTML5
• How I made a CMS-based website work offline
• The Complete Guide to Progressive Web Apps
• The Fetch API
• The Push API Guide
• The Channel Messaging API
• Service Workers Tutorial
• The Cache API Guide
• The Notification API Guide
• Dive into IndexedDB
• The Selectors API: querySelector and querySelectorAll
• Efficiently load JavaScript with defer and async
• The Document Object Model (DOM)
• The Web Storage API: local storage and session storage
• Learn how HTTP Cookies work
• The History API
• The WebP Image Format
• XMLHttpRequest (XHR)
• An in-depth SVG tutorial
• What are Data URLs
• Roadmap to learn the Web Platform
• CORS, Cross-Origin Resource Sharing
• Web Workers
• The requestAnimationFrame() guide
• What is the Doctype
• Working with the DevTools Console and the Console API
• The Speech Synthesis API
• How to wait for the DOM ready event in plain JavaScript
• How to add a class to a DOM element
• How to loop over DOM elements from querySelectorAll
• How to remove a class from a DOM element
• How to check if a DOM element has a class
• How to change a DOM node value
• How to add a click event to a list of DOM elements returned from querySelectorAll
• WebRTC, the Real Time Web API
• How to get the scroll position of an element in JavaScript
• How to replace a DOM element
• How to only accept images in an input file field
• Why use a preview version of a browser?
• The Blob Object
• The File Object
• The FileReader Object
• The FileList Object
• ArrayBuffer
• ArrayBufferView
• The URL Object
• Typed Arrays
• The DataView Object
• The BroadcastChannel API
• The Streams API
• The FormData Object
• The Navigator Object
• How to use the Geolocation API
• How to use getUserMedia()
• How to use the Drag and Drop API
• How to work with scrolling on Web Pages
• Handling forms in JavaScript
• Keyboard events
• Mouse events
• Touch events
• How to remove all children from a DOM element
• How to create an HTML attribute using vanilla Javascript
• How to check if a checkbox is checked using JavaScript?
• How to copy to the clipboard using JavaScript
• How to disable a button using JavaScript
• How to make a page editable in the browser
• How to get query string values in JavaScript with URLSearchParams
• How to remove all CSS from a page at once
• How to use insertAdjacentHTML
• Safari, warn before quitting
• How to add an image to the DOM using JavaScript
• How to reset a form
• How to use Google Fonts