EnTrERy

Reputation: 151

Cross-Domain AJAX REST service HTTP Headers

I'm investigating the cross-domain problems I have with some REST service calls. Chrome said this: "Request header field x-requested-with is not allowed by Access-Control-Allow-Headers". This is what I've got from the Network -> Headers tab:

Request URL: rest_url_on_other_domain
Request Method:OPTIONS
Status Code:200 OK
Request Headers:
Access-Control-Request-Headers:Origin, x-requested-with, content-type, accept
Access-Control-Request-Method:POST
Origin:http://localhost:8080

Response Headers
Access-Control-Allow-Headers:Content-Type, Accept
Access-Control-Allow-Methods:GET, POST
Access-Control-Allow-Origin:*
Access-Control-Max-Age:1728000
Cache-Control:no-cache, no-store
Connection:keep-alive
Content-Length:0
Date:Fri, 30 Dec 2011 11:29:12 GMT
Expires:-1
Pragma:no-cache
Server:nginx/1.0.2

Could somebody explain these HTTP headers? What is the problem: does some header check fail on the server, or does some header check fail on the client side (browser)? What's the idea behind these Access headers? Please explain in detail in simple words, just so I get the feeling; the rest I'll learn by myself. Thanks in advance!

Upvotes: 6

Views: 12755

Answers (1)

monsur

Reputation: 47897

What you are seeing is a Cross-Origin Resource Sharing preflight request. The request method for such a request is OPTIONS. This is a request that the browser uses to ask permission to send the actual request. You can learn more here: http://www.html5rocks.com/en/tutorials/cors/

In this particular case, the browser is asking for a bunch of headers (in the Access-Control-Request-Headers header). Now, in response, the Access-Control-Allow-Headers header should contain all the requested headers. If there are more than the requested headers, the browser will not throw any exception. In this example, your response header should look like this:

Access-Control-Allow-Headers: Origin, x-requested-with, content-type, accept

All the other response headers look OK. Once the server sends this response, the browser will send a second request, which is the actual request for the data.

Upvotes: 10
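
The comparison described in the answer, as an added example that is not part of the original question or answer: it checks the preflight request from the capture against the server's response and against the response with the header value the answer proposes. The names `parseList` and `checkPreflight` are illustrative, not a browser API; the comparison is literal, so for the original response it lists `origin` as well as `x-requested-with`, and the wildcard and safelisted-method handling goes beyond the single case in the question.

```javascript
// Added example: the comparison a browser makes on a CORS preflight response.
// parseList and checkPreflight are illustrative names, not a browser API.

// Split a comma-separated header value into trimmed, lowercase tokens
// (header names are case-insensitive).
function parseList(value) {
  return (value || "").split(",").map((s) => s.trim().toLowerCase()).filter(Boolean);
}

// GET, HEAD and POST are CORS-safelisted methods and need no explicit allow entry.
const SAFELISTED_METHODS = new Set(["GET", "HEAD", "POST"]);

// req / res: plain objects holding the preflight request and response headers.
function checkPreflight(req, res, withCredentials = false) {
  const requested = parseList(req["Access-Control-Request-Headers"]);
  const allowed = new Set(parseList(res["Access-Control-Allow-Headers"]));
  // "*" is a wildcard only without credentials, and never covers Authorization.
  const wildcard = !withCredentials && allowed.has("*");
  const blockedHeaders = requested.filter(
    (h) => !(allowed.has(h) || (wildcard && h !== "authorization"))
  );

  // Method names are compared exactly (case-sensitive).
  const method = (req["Access-Control-Request-Method"] || "").trim();
  const methods = (res["Access-Control-Allow-Methods"] || "")
    .split(",").map((m) => m.trim()).filter(Boolean);
  const methodAllowed = SAFELISTED_METHODS.has(method) || methods.includes(method) ||
    (!withCredentials && methods.includes("*"));

  return { blockedHeaders, methodAllowed, ok: methodAllowed && blockedHeaders.length === 0 };
}

// Header values copied from the capture in the question.
const preflightRequest = {
  "Access-Control-Request-Headers": "Origin, x-requested-with, content-type, accept",
  "Access-Control-Request-Method": "POST",
};
const serverResponse = {
  "Access-Control-Allow-Headers": "Content-Type, Accept",
  "Access-Control-Allow-Methods": "GET, POST",
};
// The same response with the Access-Control-Allow-Headers value the answer proposes.
const fixedResponse = {
  ...serverResponse,
  "Access-Control-Allow-Headers": "Origin, x-requested-with, content-type, accept",
};

console.log(checkPreflight(preflightRequest, serverResponse));
console.log(checkPreflight(preflightRequest, fixedResponse));
```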
