Reputation: 545
No Referer header in CORS request from IE or Firefox
I'm trying to send a CORS POST request to an server.
In Chrome, this works as expected - OPTIONS preflight request is sent to server, server responds with access control headers, POST request is sent. When I try to do this in IE or Firefox, no referer is sent with the OPTIONS request, so I cannot add the access-control-allow-origin header (as this is done programatically).
Javascript is:
$.ajax({
url: $(this).attr('href'),
type: 'POST',
xhrFields: {
withCredentials: true,
},
contentType: 'application/json; charset=utf-8;',
data: JSON.stringify(data),
success: function (response) {
alert(response);
},
});
return false;
});
The headers in Chrome are as follows:
The headers in Firefox are as follows:
Is there a way to guarantee that the referrer will be sent with the OPTIONS preflight request? And if not - is there another way to get the referring URL so I can add the allow origin header?
Upvotes: 3
Views: 6152
Answers (1)
Reputation: 545
Solved this by using the Origin header that is sent along with the preflight request. So if the Origin URL is one of the acceptable hosts, add the access-control-allow-origin header with the originating url.
Upvotes: 2
Related Questions
- IE CORS - Access-Control-Allow-Headers error even though headers are specified
- Access-Control-Allow-Origin header completely ignored by FireFox
- IE8/9 AJAX/CORS (XDomainRequest) send referer header
- Why IE XDomainRequest does not send Referer header
- Browser not setting the origin header for cross origin requests?
- Internet Explorer 11 does not add the Origin header on a CORS request?
- Referrer and origin preflight request headers in Safari are not changing when user navigates
- Firefox Does not allow CORS request even when the server returns the appropriate response header
- IE XdomainRequest CORS issue
- cross-origin header in IE8/IE9