The script prefilter now forces cross-domain requests type to GET.

jaubourg committed Jan 16, 2011
1 parent 914aa3d commit f74b84498987ace9bbbc3c041607016a23ff251e
Showing with 1 addition and 0 deletions.
  1. +1 −0 src/ajax/script.js
@@ -23,6 +23,7 @@ jQuery.ajaxSetup({
}

if ( s.crossDomain ) {
s.type = "GET";
s.global = false;
}
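Review bot: the `s.type = "GET";` assignment inside `if ( s.crossDomain )` silently overrides whatever `type` the caller passed, and nothing in the hunk explains why. Add a one-line comment above the assignment stating the reason cross-domain script requests are forced to GET, and note the behaviour in the `type` documentation so a caller who asked for POST is not surprised by the method change. A unit test that issues a cross-domain script request with `type: "POST"` and asserts the resulting method would pin the behaviour down.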

4 comments on commit f74b844

leandro replied Jun 15, 2015

@jaubourg Hello. I'm facing an issue because of this addition. This commit apparently doesn't have any comment that explains why the line is added. Could you explain why it's needed? Is it because of some sort of security issue? Otherwise I'll need to patch it inside my production app to avoid some issues it's facing.

leandro replied Jun 15, 2015

As I've double checked CORS' rules, there is the preflight thing, but it's actually something that the browser should take care of, not the JS library that performs the AJAX request:

> For AJAX and HTTP request methods that can modify data (usually HTTP methods other than GET, or for POST usage with certain MIME types), the specification mandates that browsers "preflight" the request, soliciting supported methods from the server with an HTTP OPTIONS request header, and then, upon "approval" from the server, sending the actual request with the actual HTTP request method.

From https://en.wikipedia.org/wiki/Cross-origin_resource_sharing#How_CORS_works
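
The preflight rule quoted above, as an added example that is not part of the original thread or of jQuery: a simplified JavaScript model of when a browser sends an OPTIONS preflight for a cross-origin request. It checks only the method, header names and Content-Type; the function name `preflightDecision` and the example.com URLs are constructed for illustration.

```javascript
// Added example: simplified model of the browser-side CORS preflight decision.
// Real browsers apply further checks (header value limits, upload listeners).
const SIMPLE_METHODS = new Set(["GET", "HEAD", "POST"]);
const SAFELISTED_HEADERS = new Set([
  "accept", "accept-language", "content-language", "content-type",
]);
const SIMPLE_CONTENT_TYPES = new Set([
  "application/x-www-form-urlencoded",
  "multipart/form-data",
  "text/plain",
]);

// Origin = scheme + host + port, so two subdomains are different origins.
function sameOrigin(a, b) {
  return new URL(a).origin === new URL(b).origin;
}

// Returns { crossOrigin, preflight, reasons } for a request described by the
// page URL, the target URL, the HTTP method and a plain object of headers.
function preflightDecision(pageUrl, targetUrl, method = "GET", headers = {}) {
  const reasons = [];
  if (sameOrigin(pageUrl, targetUrl)) {
    return { crossOrigin: false, preflight: false, reasons };
  }
  const verb = method.toUpperCase();
  if (!SIMPLE_METHODS.has(verb)) reasons.push(`method ${verb}`);
  for (const [name, value] of Object.entries(headers)) {
    const lower = name.toLowerCase();
    if (!SAFELISTED_HEADERS.has(lower)) {
      reasons.push(`header ${lower}`);
    } else if (lower === "content-type") {
      // Ignore parameters such as "; charset=UTF-8" when comparing.
      const mime = String(value).split(";")[0].trim().toLowerCase();
      if (!SIMPLE_CONTENT_TYPES.has(mime)) reasons.push(`content-type ${mime}`);
    }
  }
  return { crossOrigin: true, preflight: reasons.length > 0, reasons };
}

// Constructed sample requests from a page on one subdomain to another.
const page = "https://app.example.com/form";
const api = "https://api.example.com/submit";
const form = { "Content-Type": "application/x-www-form-urlencoded" };
console.log(preflightDecision(page, api, "POST", form));
console.log(preflightDecision(page, api, "POST", { "Content-Type": "application/json" }));
console.log(preflightDecision(page, api, "PUT"));
```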

dmethvin (Member) replied Jun 16, 2015

> Hello. I'm facing an issue because of this addition.

@leandro If you can provide more information about the problem as it exists in the code, such as a test case showing the problem, open a new issue on our issue tracker.

leandro replied Jun 16, 2015

@dmethvin I don't think it's a bug, because it's clear it's a feature implemented by the committed line above. The issue is that my script is sending data via cross-domain POST (just different subdomains, actually), but then it gets automatically changed to GET because of that line and that breaks my page. I really need to send the data via POST and process the response as 'script'.
