Menu
I got this code:
var req = new HttpRequest(); req.open("POST", "http://localhost:8031/rest/user/insert"); req.setRequestHeader("Content-type", "application/json"); req.send(json.stringify(user_map)); But, instead of sending the POST verb, when I see it in fiddler I see this:
OPTIONS http://localhost:8031/rest/user/insert HTTP/1.1 Host: localhost:8031 Connection: keep-alive Access-Control-Request-Method: POST Origin: http://127.0.0.1:3030 User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.33 (KHTML, like Gecko) Chrome/27.0.1430.0 (Dart) Safari/537.33 Access-Control-Request-Headers: origin, content-type Accept: */* Referer: http://127.0.0.1:3030/E:/grole/dart/Clases/Clases/web/out/clases.html Accept-Encoding: gzip,deflate,sdch Accept-Language: es-ES,es;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 As you can see, it is using the OPTIONS verb instead of POST?
What's going on?
574
Prevent sending the post data, if it wont be processed This is the only reason what is valid. Using options request will prevent sending the post data to the server unnecessarily.
In these situations, like when using custom headers, the browser is just checking with the server first that the server is willing to accept the request before sending it as sending unsolicited requests to the server could be really dangerous for your data, and also, what's the point in the browser sending potentially ...
The OPTIONS request method is sent by browsers to find out the supported HTTP methods and other parameters supported for the target resource before sending the actual request. Browsers send OPTIONS requests when they send a CORS request to another origin.
The OPTIONS verb is a preflight request sent by some browsers to check the validity of cross origin requests. It pretty much checks with the server that the Origin (requester) is allowed to make the request for a specified resource.
The OPTIONS verb is a preflight request sent by some browsers to check the validity of cross origin requests. It pretty much checks with the server that the Origin(requester) is allowed to make the request for a specified resource. Also, depending on which headers are sent back by the server it lets the browser know which headers, methods, and resources the origin is allowed to request form the server.
The browser sends the OPTIONS request then if the server answers back with the correct headers (CORS headers) allowing the origin to make the request, you should see your POST request go through afterwards.
Note that the CORS headers must be returned on both the OPTIONS response as well as the POST response. This means your server must be able to respond to the options method on the routes you want to access across domains.
This is known as Cross-origin Resource Sharing. Mozilla has some pretty good documentation on the subject. https://developer.mozilla.org/en-US/docs/HTTP/Access_control_CORS
If you have more questions let me know and I'll answer them.
56
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
