 

Should the CORS preflight OPTIONS request return 200 OK?

I'm making cross-domain requests to my Rails app from a site, using the rack-cors middleware (though I don't think this question is specific to rack-cors). When I inspect the console output with Firebug I notice that there is only one request going out, the POST request. Is the OPTIONS request made secretly?

Similarly, when I inspect my server log I see

Started OPTIONS "/australia_post_api_connections" for 127.0.0.1 at 2013-01-08 16:06:18 -0800

but no corresponding

Completed 200 OK in 1441ms (Views: 85.2ms | ActiveRecord: 0.0ms)

Is this normal, or does it mean that the OPTIONS request is not running to completion? What sort of response should I expect from the CORS preflight OPTIONS request?

asked Dec 08 '25 21:12

Ziggy


1 Answer

CORS OPTIONS responses should return 200s, and along with them, an assortment of Access-Control-* headers.

My guess is that you're not seeing it in your Rails logs as "Completed 200" because it's happening in Rack middleware at a point before that logging occurs in the Rails framework.

You can check the request/response headers in Firebug/Chrome's Developer Tools network panel to verify that everything is proceeding correctly. I don't believe Firebug hides the OPTIONS request, but it's possible that the result of the OPTIONS request is being cached if Access-Control-Max-Age is being returned.

answered Dec 10 '25 12:12

wless1
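The behaviour described in the answer above, as an added example that is not part of the original answer and is not rack-cors' own code: a simplified Rack-style middleware answers the preflight with 200 and Access-Control-* headers before the request reaches the application, so the application never logs a completion for it. The class names, the allowlisted origin and the 600-second max age are assumptions made for the illustration.

```ruby
# Constructed allowlist; this origin is a placeholder, not a value from the page.
ALLOWED_ORIGINS = ["https://shop.example"].freeze

# Hypothetical stand-in for the Rails app: records every request that reaches it,
# which is the point where Rails would log "Completed 200 OK".
class InnerApp
  attr_reader :seen
  def initialize; @seen = []; end
  def call(env)
    @seen << env["REQUEST_METHOD"]
    [200, { "content-type" => "text/plain" }, ["ok"]]
  end
end

# Simplified CORS middleware written for this example (not rack-cors itself).
class PreflightCors
  def initialize(app, max_age: 600)
    @app = app
    @max_age = max_age
  end

  def call(env)
    origin = env["HTTP_ORIGIN"]
    allowed = ALLOWED_ORIGINS.include?(origin)
    if env["REQUEST_METHOD"] == "OPTIONS" && env.key?("HTTP_ACCESS_CONTROL_REQUEST_METHOD")
      # Answered here: the inner app never runs, so it logs no "Completed 200 OK".
      return [200, allowed ? preflight_headers(origin) : { "vary" => "Origin" }, []]
    end
    status, headers, body = @app.call(env)
    headers = headers.merge("access-control-allow-origin" => origin, "vary" => "Origin") if allowed
    [status, headers, body]
  end

  private

  def preflight_headers(origin)
    { "access-control-allow-origin"  => origin,  # echo the allowlisted origin, never "*"
      "access-control-allow-methods" => "GET, POST, OPTIONS",
      "access-control-allow-headers" => "Content-Type",
      "access-control-max-age"       => @max_age.to_s,  # browser may cache this preflight
      "vary"                         => "Origin" }
  end
end
```

While a preflight result is cached under Access-Control-Max-Age, the browser sends only the actual request, which is one reason a network panel can show a lone POST.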


