#6029 closed bug (invalid)
Opened February 04, 2010 05:59PM UTC
Closed February 04, 2010 06:07PM UTC
cross domain POST results in OPTIONS request
| Reported by: | proppy | Owned by: | |
|---|---|---|---|
| Priority: | major | Milestone: | 1.4.2 |
| Component: | ajax | Version: | 1.4.1 |
| Keywords: | | Cc: | |
| Blocked by: | | Blocking: | |
Description
Server has the following header directive:
Header set Access-Control-Allow-Origin "*"
Client does the following request from another domain:
```javascript
$.ajax({
    type: 'POST',
    url: "http://wetball.mekensleep.com/WEBSERVICE/editor/addItems",
    data: '[{"collectibleId": 28, "latitude": 42.0, "longitude": 42.0}]',
    success: function(data){
        console.log("success", data);
    },
    error: function(XMLHttpRequest, textStatus, errorThrown){
        console.log("error", textStatus);
    },
    dataType: 'json',
    processData: false,
    contentType: 'application/json'
});
```
The following request is received by the server instead of the POST:
93.1.48.165 - - [04/Feb/2010:11:57:00 -0600] "OPTIONS /WEBSERVICE/editor/addItems HTTP/1.1" 400 274 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; fr; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7 (.NET CLR 3.5.30729)"
If I apply the attached patch (which disables some cross-domain Firefox specifics), the POST request gets sent and processed:
85.168.102.10 - - [04/Feb/2010:11:58:25 -0600] "POST /WEBSERVICE/editor/addItems HTTP/1.1" 200 42 "http://playground.mekensleep.com/proppy/playground/map.html" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.7) Gecko/20100106 Ubuntu/9.10 (karmic) Firefox/3.5.7"
Feel free to tell me if you need more information
Attachments (1)
Change History (1)
Changed February 04, 2010 06:07PM UTC by comment:1
| component: | unfilled → ajax | 
|---|---|
| resolution: | → invalid | 
| status: | new → closed | 
Obviously we're not going to land that patch, as-is (it deletes a large part of the Ajax logic). The OPTIONS is being sent because you need to negotiate before doing a cross-domain request of this nature.
It looks like since you're specifying a non-simple content-type the server has to do a pre-flight request. You can read up more on it here:
http://www.w3.org/TR/access-control/#terminology
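
The preflight negotiation described in comment:1, as an added example (not jQuery's code and not the reporter's server code): `needsPreflight` applies the simple-request rules from the linked W3C draft to show why the `application/json` POST is preceded by OPTIONS, and `preflightResponse` shows one way a server can answer it. The function names and the origin allowlist in `POLICY` are assumptions; the ticket's server sends `Access-Control-Allow-Origin: *` instead.

```javascript
// Added example; needsPreflight, preflightResponse and POLICY are hypothetical names.
const SIMPLE_METHODS = new Set(['GET', 'HEAD', 'POST']);
const SIMPLE_CONTENT_TYPES = new Set([
  'application/x-www-form-urlencoded', 'multipart/form-data', 'text/plain',
]);
const SIMPLE_HEADERS = new Set(['accept', 'accept-language', 'content-language', 'content-type']);

// Browser side: does this cross-origin request need an OPTIONS preflight first?
function needsPreflight(method, headers) {
  if (!SIMPLE_METHODS.has(method.toUpperCase())) return true;
  for (const [name, value] of Object.entries(headers)) {
    const n = name.toLowerCase();
    if (!SIMPLE_HEADERS.has(n)) return true;
    if (n === 'content-type') {
      const mime = value.split(';')[0].trim().toLowerCase();
      if (!SIMPLE_CONTENT_TYPES.has(mime)) return true;
    }
  }
  return false;
}

// Server side: answer the preflight from an explicit policy (constructed sample;
// the origin is the page that issued the POST in the ticket's access log).
const POLICY = {
  origins: new Set(['http://playground.mekensleep.com']),
  methods: new Set(['POST']),
  headers: new Set(['content-type']),
};

function preflightResponse(req, policy = POLICY) {
  const origin = req.headers['origin'];
  const method = req.headers['access-control-request-method'];
  const asked = (req.headers['access-control-request-headers'] || '')
    .split(',').map((h) => h.trim().toLowerCase()).filter(Boolean);
  if (!policy.origins.has(origin) || !policy.methods.has(method) ||
      !asked.every((h) => policy.headers.has(h))) {
    return { status: 403, headers: {} }; // no CORS headers: the browser blocks the POST
  }
  return {
    status: 204,
    headers: {
      'Access-Control-Allow-Origin': origin,
      'Access-Control-Allow-Methods': [...policy.methods].join(', '),
      'Access-Control-Allow-Headers': [...policy.headers].join(', '),
      'Vary': 'Origin',
    },
  };
}
```

The 400 in the reporter's access log is the failure this handler avoids: the server rejected the OPTIONS request, so the browser never sent the POST.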