Menu
I'm investigating the Cross-Domains problems, I have with some REST service call. Chrome said this: Request header field x-requested-with is not allowed by Access-Control-Allow-Headers This is what I've got from Network -> Headers tab:
Request URL: rest_url_on_other_domain
Request Method:OPTIONS
Status Code:200 OK
Request Headers:
Access-Control-Request-Headers:Origin, x-requested-with, content-type, accept
Access-Control-Request-Method:POST
Origin:http://localhost:8080
Response Headers
Access-Control-Allow-Headers:Content-Type, Accept
Access-Control-Allow-Methods:GET, POST
Access-Control-Allow-Origin:*
Access-Control-Max-Age:1728000
Cache-Control:no-cache, no-store
Connection:keep-alive
Content-Length:0
Date:Fri, 30 Dec 2011 11:29:12 GMT
Expires:-1
Pragma:no-cache
Server:nginx/1.0.2
Could somebody explain about this HTTP Headers? What is the problem - Some headers check on the server fail or some headers check on the client side (browser) fail. What's the very idea about this Access headers? Explain in detail in simple words just to get the feeling the rest I'll learn by my self. Thanks in advance!
795
Cross-origin resource sharing (or CORS) can be used to make AJAX requests to another domain.
Browser does not allow cross domain AJAX requests due to security issues. Cross-domain requests are allowed only if the server specifies same origin security policy. To enable CORS, You need to specify below HTTP headers in the server.
CORS is a mechanism that defines a procedure in which the browser and the web server interact to determine whether to allow a web page to access a resource from different origin. Figure 2. Cross domain ajax request. When you do a cross-origin request, the browser sends Origin header with the current domain value.
The jQuery ajax headers are used to specifies that what kind of response can be accepted in return from the server. The jQuery ajax hear option is a built-in option that is passed to the ajax() function in the jQuery.
What you are seeing is a Cross-Origin Resource Sharing preflight request. Request method for such request is OPTIONS. This is a request that the browser uses to ask permissions to send the actual request. You can learn more here: http://www.html5rocks.com/en/tutorials/cors/
In this particular case, the browser is asking for a bunch of headers (in the Access-Control-Request-Headers header). Now, in response, the Access-Control-Allow-Headers header should contain all the requested headers. In case, if there are more than the requested headers, the browser will not throw any exception. In this example, your response header should look like this:
Access-Control-Allow-Headers: Origin, x-requested-with, content-type, accept
All the other response headers look ok. Once the server sends this response, the browser will send a second request, which is the actual request for the data.
59
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
