XMLHttpRequest() vs ActiveXObject("Microsoft.XMLHTTP") - what's the point?

Microsoft finally added the native XMLHttpRequest object in Internet Explorer 7, but I found out that it can be disabled in the Internet Options dialog. So what benefit is there using XMLHttpRequest() vs ActiveXObject("Microsoft.XMLHTTP")?

If it can be disabled, that means we have to keep our browser compat开发者_如何转开发ibility checks in forever, doesn't it? Would XMLHttpRequest() initialize quicker than ActiveXObject("Microsoft.XMLHTTP") or what? Why would Microsoft add it and make it optional?

The ActiveXObject can also be disabled. Note that other browsers can disable this and other settings as well. This is not about browser compatibility, but about user preference. Users can allow / disallow cross-domain requests, can allow / disallow scripts, can allow Flash or not etc.

You'll always have to check whether your page still runs smooth (or falls back gracefully) when users have disabled certain browser's features that you need.

The good news is: it is enabled by default, most users will have it on.

Update: by default, scripting and external requests (i.e. document(), xsl:include with XSLT or external entities in XML) are not supported by XmlHttpRequest-retrieved objects and must be enabled explicitly. This is different from non-IE browsers, where external requests from XHR-loaded documents are allowed (or don't exist, like in Safari and Chrome).

This is a guess, but I would assume they allow it to be disabled for the same reason they allow JavaScript to be disabled. Some people believe the risks (privacy, security, whatever) outweigh the benefit and thus want it disabled.