Skip to main content

Bug Tracker

Side navigation

#6029 closed bug (invalid)

Opened February 04, 2010 05:59PM UTC

Closed February 04, 2010 06:07PM UTC

cross domain POST results in OPTIONS request

Reported by: proppy Owned by:
Priority: major Milestone: 1.4.2
Component: ajax Version: 1.4.1
Keywords: Cc:
Blocked by: Blocking:
Description

Server has the following header directive:

Header set Access-Control-Allow-Origin "*"

Client does the following request from another domain:

$.ajax({
			type: 'POST',
			url: "http://wetball.mekensleep.com/WEBSERVICE/editor/addItems",
			data: '[{"collectibleId": 28, "latitude": 42.0, "longitude": 42.0}]',
			success: function(data){
				console.log("success", data);
			},
			error: function(XMLHttpRequest, textStatus, errorThrown){
				console.log("error", textStatus);
			},
			dataType: 'json',
                        processData: false,
                        contentType: 'application/json'
		});

The following request is received by the server instead of post:

93.1.48.165 - - [04/Feb/2010:11:57:00 -0600] "OPTIONS /WEBSERVICE/editor/addItems HTTP/1.1" 400 274 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; fr; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7 (.NET CLR 3.5.30729)"

If I apply the attached patch (which disable some cross domain firefox specifics), the POST request get sent, and processed:

85.168.102.10 - - [04/Feb/2010:11:58:25 -0600] "POST /WEBSERVICE/editor/addItems HTTP/1.1" 200 42 "http://playground.mekensleep.com/proppy/playground/map.html" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.7) Gecko/20100106 Ubuntu/9.10 (karmic) Firefox/3.5.7"

Feel free to tell me if you need more information

Attachments (1)
Change History (1)

Changed February 04, 2010 06:07PM UTC by john comment:1

component: unfilledajax
resolution: → invalid
status: newclosed

Obviously we're not going to land that patch, as-is (it deletes a large part of the Ajax logic). The OPTIONS is being sent because you need to negotiate before doing a cross-domain request of this nature.

It looks like since you're specifying a non-simple content-type the server has to do a pre-flight request. You can read up more on it here:

http://www.w3.org/TR/access-control/#terminology