All geek questions in one place

Cross call working with the Post but not completed with pre-flight

I need to make a web service call from my sites to a third-party domain / server. Although I am making this call using the jQuery Ajax by Post method with the content type: text / plain, and it works fine.

But while I change it to content-type: text / xml, it throws:

The response to the request before the flight does not pass the access control check: No The header of the Access-Control-Allow-Origin header is present in the requested resource.

Even it is installed on a third-party server to allow access to our site. And we get this header when called with the content type: text / plain.

We also added the following on the Thirdparty server.

Access-Control-Allow-Methods : Get , Post , Options ,PUT Access-Control-Allow-Headers: Authorization,origin, content-type, accept

Please let me know what could be the reason that the request before the flight does not receive "Access-Control-Allow-Origin" in response?

+5
source share
2 answers

The reason your script works for text / plain is because it is a simple request. If you look at this answer , you will see that your text / plain request meets the requirements for a simple request. However, when you change the content type to text / xml, it changes it to a "difficult" request.

For your "difficult" request to work, you need to see how to make a request before the flight. This website explains how you can do this in the "Handling a Difficult Request" section.

Update

Just a note: Access-Control-Allow-Methods is sensitive (everything is in uppercase), and you do not need to list any methods used for a simple request (GET, HEAD, POST). - source

 Access-Control-Allow-Methods: OPTIONS, PUT Access-Control-Allow-Headers: Authorization, Origin, Content-Type, Accept

Firefox does not have an Origin header for requests with the same source. But Chrome and Safari include the Origin header in POST / PUT / DELETE requests with the same source (GET requests with the same source code will not have the Origin header).

Is there a chance that the origin is the same?

Could there be a problem with the cache?

Make sure you have the settings for your jquery ajax call:

 crossDomain: true // Will force a cross domain request cache: false
0
source

The difference between content-type:text/plain and content-type: text/xml is this: "text / xml" requires "preflight", but "text / plain" does not.

From MDN :

In particular, a request is preceded if:

It uses methods other than GET, HEAD, or POST. Also, if POST is used, send the request data using Content-Type, other than application / x-www-form-urlencoded, multipart / form-data or text / plain, for example, if the POST request sends an XML payload to the server using application / xml or text / xml, then the request is preceded.

Some potential reasons may cause the request to fail before flying:

  • CORS is not enabled by the server. Find how to enable CORS for your server technology.
  • The server does not use a request other than "text / plain". For instance; Spring has a parameter that determines which type of content is acceptable.
  • Your message has an Authorization heading. If you are sending credential requests, you must also add the header Access-Control-Allow-Credentials: true . Again from MDN .
0
source

Source: https://habr.com/ru/post/1246290/

More articles:


All Articles