Bug Tracker

Opened 14 years ago

Closed 14 years ago

Last modified 12 years ago

#4690 closed bug (wontfix)

Chrome OPTIONS header type sent for POST ajax request, FF fails.

Reported by: m00b13s Owned by:
Priority: major Milestone: 1.4
Component: ajax Version: 1.3.2
Keywords: Cc:
Blocked by: Blocking:


When using $.ajax as follows:

var url = "http://local.vhost/script"; var data = "foo=bar"; $.ajax({ type: "POST", url: url, data: data, cache: false, dataType: "jsonp", jsonp: "jsonp_callback", success: function(data) { }, error: function(data) { }, complete: function(data) { }});

I have been seeing an OPTIONS header rather than POST in my access logs. - - [27/May/2009:16:45:48 +0100] "OPTIONS /integrator/api/1.1/booking HTTP/1.1" 401 -

Because this is a REST API I do not handle OPTIONS. I expect GET, POST or DELETE. The POST data is totally empty at the server.

Curiously PHP reports a correct HTTP_ACCESS_CONTROL_REQUEST_METHOD but Apache is seeing OPTIONS and PHP sees no $_POST data.

[HTTP_ACCESS_CONTROL_REQUEST_METHOD] => POST [HTTP_X_REQUESTED_WITH] => XMLHttpRequest [CONTENT_TYPE] => application/x-www-form-urlencoded

The above is when submitting with the new stable Chrome 2.0. In Firefox 3.1 beta 3, the request never reaches the server at all giving:

Access to restricted URI denied code: 1012

Despite that I have been using jsonp.

Change History (4)

comment:1 Changed 14 years ago by malkarouri

I am seeing similar behaviour, also stable Chrome

The code:

jQuery.get("http://localhost/myapp", {data: "hello"},


alert("Data: " + data);



triggers an OPTIONS request rather than a GET one as seen by Apache. My setup is apache 2.2 on windows, mod_wsgi, python, django, so it's pretty different. One log line is: - - [29/May/2009:16:58:25 +0100] "OPTIONS /myapp?data=hello HTTP/1.1" 200 2343

The code works successfully in IE6, executing a GET and receiving data.

comment:2 Changed 14 years ago by simeyla

Able to duplicate this bug quite easily in Chrome BUT only if the ACTION for the form is on a different domain.

Error occurs if :

Page was served from : http://ipv4.fiddler:62669/woops/TESTIMONIALS/X

Page was posted to : http://dev.rollingrazor.com:62669/woops/TESTIMONIALS/X

These URLS point to EXACTLY the same ASP.NET web server (dev.rollingrazor.com is just an entry in my hosts file).

If the action is http://ipv4.fiddler:62669/woops/TESTIMONIALS/X or just X then I don't get the OPTIONS header sent

Chrome on Windows

comment:3 Changed 14 years ago by AntarisZX

I was looking through source 1.3.2, when using JSONP, the request is made by building a SCRIPT element dynamically, which gets past the browsers Same-domain policy. Naturally, you can't make a POST request using a SCRIPT element, the browser would fetch the result using GET.

As you are requesting a JSONP call, the SCRIPT element is not generated, because it only does this when the Type of AJAX call is set to GET.

Change your AJAX call to use GET instead of POST.

comment:4 Changed 14 years ago by john

Component: unfilledajax
Resolution: wontfix
Status: newclosed

You are attempting to do a cross-domain POST. This does not work in most browsers. The only browsers that support it are those that support Cross-Site XMLHttpRequest. This is precisely what Chrome (and Firefox 3.5) is trying to do on your site: https://developer.mozilla.org/En/Cross-Site_XMLHttpRequest

So yeah, not really something that we can handle on end, unfortunately.

Note: See TracTickets for help on using tickets.