Refused to get unsafe Location header

I have a website and a REST API server.

I am making an ajax request to a REST server to create a new model. The response to this request will be "HTTP/1.1 201 Created Response" with the header "Location: http://myapi.com/some/path/111". But I get the error message: Refused to get unsafe header "Location". I know that this is due to the cross-domain access policy and other blah blah blah.

Does anyone know how to fix this? Maybe I need to add the header "Access-Controll-Allow-SOMETHINGHERE"?

UPD:

Website URL http://www.mydomain.com/

The source URI is http://api.mydomain.com/model/, and the new location URI is http://api.mydomain.com/model/211

The source URI is used for the ajax POST request, whose responses are associated with the new Location header.

+6
4 answers

This is because, by default, the Location header is not displayed to the calling client (in this case, your Ajax code) (this is "unsafe"). To open it, you must return an additional header:

 Access-Control-Expose-Headers: Location 

In this case, the browser will open it so that the client can read it. You can add multiple comma-separated headers there. Read more about it here. Here you can read which methods, headers and content types are safe (simple) and do not require any additional configuration.

+4
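Why the header in the answer above works, as an added example (not code from the original posts or from any browser): a simplified JavaScript model of the filter the Fetch standard applies to cross-origin response headers before script can read them. The function names and the sample response are constructed for illustration.

```javascript
// Simplified model of the CORS response-header filter (Fetch standard).
// Added example; function names and sample data are constructed.
// Response headers a cross-origin script may always read.
const SAFELISTED = new Set([
  "cache-control", "content-language", "content-length",
  "content-type", "expires", "last-modified", "pragma",
]);
// Never readable by script, whatever the server exposes.
const FORBIDDEN = new Set(["set-cookie", "set-cookie2"]);

// Parse an Access-Control-Expose-Headers value into lowercase names.
function parseExposeList(value) {
  return new Set(
    (value || "").split(",").map((n) => n.trim().toLowerCase()).filter(Boolean)
  );
}

// headers: plain object of response headers.
// withCredentials: true when the request carried credentials
// (xhr.withCredentials = true, or fetch with credentials: "include").
function readableHeaders(headers, withCredentials = false) {
  const lower = {};
  for (const [name, value] of Object.entries(headers)) {
    lower[name.toLowerCase()] = value;
  }
  const exposed = parseExposeList(lower["access-control-expose-headers"]);
  // "*" exposes everything only for requests without credentials.
  const wildcard = exposed.has("*") && !withCredentials;
  const visible = {};
  for (const [name, value] of Object.entries(lower)) {
    if (FORBIDDEN.has(name)) continue;
    if (SAFELISTED.has(name) || exposed.has(name) || wildcard) {
      visible[name] = value;
    }
  }
  return visible;
}

// Constructed 201 response, using the URIs from the question.
const created = {
  "Content-Type": "application/json",
  "Location": "http://api.mydomain.com/model/211",
  "Access-Control-Allow-Origin": "http://www.mydomain.com",
};
const fixed = { ...created, "Access-Control-Expose-Headers": "Location" };
const star = { ...created, "Access-Control-Expose-Headers": "*" };

console.log("without expose:", readableHeaders(created).location);
console.log("with expose:   ", readableHeaders(fixed).location);
```

Calling `readableHeaders(star, true)` shows that `*` does not expose `Location` when the request is sent with credentials, so naming the header explicitly is the dependable setting and exposes nothing beyond what the client needs.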

I would simply go around it, either returning the new location as the value from the call, or having a client code that knows where the newly created item is stored.

Another option is to create a proxy for calls in the source domain.

+1
 header Location: http://myapi.com/some/path/111" 

This piece of code is completely wrong. Use it correctly or almost right.

Try the following:

 header("Location: http://myapi.com/some/path/111"); 

or

 header("Location: http://myapi.com/some/path/111"); exit(); 

If this does not work, let me know :-)

0

To download Amazon S3 (for example, through Dropzone), this is necessary in the CORS configuration.

 <ExposeHeader>location</ExposeHeader> 
0

Source: https://habr.com/ru/post/898900/