I am trying to make a cross domain HTTP request to a WCF service (that I own). I have read several techniques for working with the cross domain scripting limitations. Because my service must accommodate both GET and POST requests I cannot implement some dynamic script tag whose src is the URL of a GET request. Since I am free to make changes at the server I have begun to try to implement a workaround that involves configuring the server responses to include the "Access-Control-Allow-Origin" header and 'preflight' requests with an OPTIONS request. I got the idea from this post: Getting CORS working

At the server side, my web method is adding 'Access-Control-Allow-Origin: *' to the HTTP response. I can see that responses do include this header now.

My question is: How do I 'preflight' a request (OPTIONS)? I am using jQuery.getJSON to make the GET request but the browser cancels the request right away with the infamous:

Origin is not allowed by Access-Control-Allow-Origin

Is anyone familiar with this CORS technique? What changes need to be made at the client to preflight my request?

During the preflight request, you should see the following two headers: Access-Control-Request-Method and Access-Control-Request-Headers. These request headers are asking the server for permissions to make the actual request. Your preflight response needs to acknowledge these headers in order for the actual request to work.

For example, suppose the browser makes a request with the following headers:

Origin:
Access-Control-Request-Headers: X-Custom-Header

Your server should then respond with the following headers:

Access-Control-Allow-Origin:
Access-Control-Allow-Headers: X-Custom-Header

Pay special attention to the Access-Control-Allow-Headers response header.
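
The preflight exchange described above, seen from the server side, as an added example that is not part of the original post or the asker's WCF service: a JavaScript function that builds the OPTIONS response from the preflight request headers. The allowed origin, methods and headers are constructed placeholders and the name handlePreflight is hypothetical; it checks each request header against an allowlist instead of answering every origin with `*`.

```javascript
// Added example: server-side preflight decision for a CORS-enabled API.
// The ALLOWED_* values are constructed placeholders, not taken from the page.
const ALLOWED_ORIGINS = new Set(["https://app.example.test"]);
const ALLOWED_METHODS = new Set(["GET", "POST"]);
const ALLOWED_HEADERS = new Set(["x-custom-header", "content-type"]);

// Look up a header case-insensitively in a plain { name: value } object.
function getHeader(headers, name) {
  const key = Object.keys(headers).find((k) => k.toLowerCase() === name);
  return key === undefined ? undefined : String(headers[key]).trim();
}

// Returns { status, headers } for an OPTIONS preflight request.
function handlePreflight(requestHeaders) {
  const origin = getHeader(requestHeaders, "origin");
  const method = getHeader(requestHeaders, "access-control-request-method");
  const wanted = (getHeader(requestHeaders, "access-control-request-headers") || "")
    .split(",").map((h) => h.trim().toLowerCase()).filter(Boolean);

  // A denial carries no Access-Control-Allow-* headers, so the browser
  // cancels the actual request. Vary: Origin keeps shared caches from
  // replaying one origin's answer to another origin.
  const deny = { status: 403, headers: { Vary: "Origin" } };
  if (!origin || !ALLOWED_ORIGINS.has(origin)) return deny;
  if (!method || !ALLOWED_METHODS.has(method)) return deny;
  if (!wanted.every((h) => ALLOWED_HEADERS.has(h))) return deny;

  const headers = {
    "Access-Control-Allow-Origin": origin, // the vetted origin, not "*"
    "Access-Control-Allow-Methods": [...ALLOWED_METHODS].join(", "),
    "Access-Control-Max-Age": "600",
    Vary: "Origin",
  };
  // Acknowledge only the requested headers that passed the allowlist check.
  if (wanted.length) headers["Access-Control-Allow-Headers"] = wanted.join(", ");
  return { status: 204, headers };
}

// Constructed sample preflight, shaped like the exchange described above.
const sample = handlePreflight({
  Origin: "https://app.example.test",
  "Access-Control-Request-Method": "POST",
  "Access-Control-Request-Headers": "X-Custom-Header",
});
console.log(sample.status, sample.headers);
```

The actual GET or POST response still has to carry Access-Control-Allow-Origin itself; the preflight answer only grants permission to send it.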