Bug Tracker

Ticket #6029 (closed bug: invalid)

Opened 4 years ago

Last modified 4 years ago

cross domain POST results in OPTIONS request

Reported by: proppy Owned by:
Priority: major Milestone: 1.4.2
Component: ajax Version: 1.4.1
Keywords: Cc:
Blocking: Blocked by:

Description

Server has the following header directive:

Header set Access-Control-Allow-Origin "*"

Client does the following request from another domain:

$.ajax({
			type: 'POST',
			url: "http://wetball.mekensleep.com/WEBSERVICE/editor/addItems",
			data: '[{"collectibleId": 28, "latitude": 42.0, "longitude": 42.0}]',
			success: function(data){
				console.log("success", data);
			},
			error: function(XMLHttpRequest, textStatus, errorThrown){
				console.log("error", textStatus);
			},
			dataType: 'json',
                        processData: false,
                        contentType: 'application/json'
		});

The following request is received by the server instead of post: 93.1.48.165 - - [04/Feb/2010:11:57:00 -0600] "OPTIONS /WEBSERVICE/editor/addItems HTTP/1.1" 400 274 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; fr; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7 (.NET CLR 3.5.30729)"

If I apply the attached patch (which disable some cross domain firefox specifics), the POST request get sent, and processed: 85.168.102.10 - - [04/Feb/2010:11:58:25 -0600] "POST /WEBSERVICE/editor/addItems HTTP/1.1" 200 42 " http://playground.mekensleep.com/proppy/playground/map.html" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.7) Gecko/20100106 Ubuntu/9.10 (karmic) Firefox/3.5.7"

Feel free to tell me if you need more information

Attachments

Change History

Changed 4 years ago by proppy

comment:1 Changed 4 years ago by john

  • Status changed from new to closed
  • Resolution set to invalid
  • Component changed from unfilled to ajax

Obviously we're not going to land that patch, as-is (it deletes a large part of the Ajax logic). The OPTIONS is being sent because you need to negotiate before doing a cross-domain request of this nature.

It looks like since you're specifying a non-simple content-type the server has to do a pre-flight request. You can read up more on it here:  http://www.w3.org/TR/access-control/#terminology

Note: See TracTickets for help on using tickets.