All geek questions in one place

How to avoid requesting a preliminary CORS request to download a file?

I use jquery-fileupload so that users can upload files to an external service (more precisely, Cloudaign):

<input type='file' name='file' class='cloudinary-fileupload' 
  data-url='https://api.cloudinary.com/v1_1/wya/auto/upload' />
<script>
  $('.cloudinary-fileupload').fileupload();
</script>

Since this is an external target, the browser initiates a CORS request. However, I noticed that the browser adds a CORS pre-check request. http://www.html5rocks.com/en/tutorials/cors/ gives a pretty good idea of ​​when a pre-check request is triggered and when not. As far as I can see, my request meets all the criteria for a simple CORS request (see the "Types of CORS Request" section ).

a request to download a file that is sent to an external service:

POST /v1_1/wya/image/upload HTTP/1.1
Host: api.cloudinary.com
Connection: keep-alive
Content-Length: 22214
Accept: */*
Origin: http://wya.herokuapp.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.107 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarym73rCIa6t8eTNkTa
Referer: http://wya.herokuapp.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: sv-SE,sv;q=0.8,en-US;q=0.6,en;q=0.4,de;q=0.2

preflight, :

OPTIONS /v1_1/wya/image/upload HTTP/1.1
Host: api.cloudinary.com
Connection: keep-alive
Access-Control-Request-Method: POST
Origin: http://wya.herokuapp.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.107 Safari/537.36
Access-Control-Request-Headers: accept, content-type
Accept: */*
Referer: http://wya.herokuapp.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: sv-SE,sv;q=0.8,en-US;q=0.6,en;q=0.4,de;q=0.2

?. , CORS, HTTP- POST multipart/form Content-Type -data HTTP- .

, , - , CloudMan HTTP 302/304 . . Chrome :

XMLHttpRequest cannot load https://api.cloudinary.com/v1_1/wya/image/upload. 
The request was redirected to 'http://wya.herokuapp.com/upload?bytes=21534&created_at=2014-02-12T09%3A04%3…d5b62ebb92b9236e5be6d472df242d016&type=upload&version=1392195882&width=723', 
which is disallowed for cross-origin requests that require preflight.
+4
1

, XHR Cloudinary, Cloudinary ( IE) JSON. . $('.cloudinary-fileupload').fileupload() , Javascript. , $('.cloudinary-fileupload').cloudinary_fileupload().

+10

Source: https://habr.com/ru/post/1526499/

More articles:


All Articles