cross site xmlhttprequest with cors edited this page Dec 10, 2011 · 14 revisions

Cross-site XMLHttpRequest (XHR) with CORS or "Why am I getting a http OPTION for a GET/POST request?"

like this

  • localhost - - [05/Oct/2011 16:52:10] code 501, message Unsupported method ('OPTIONS')
  • localhost - - [05/Oct/2011 16:52:10] "OPTIONS / HTTP/1.1" 501 -


If you're using HTTPRequest to make requests to a server and receive strange OPTION requests and no answers in the client despite your server receiving the messages ok, maybe your problem is that some new browsers [firefox >3] have a security policy to drop all xmlhttprequest (used in AJAX class) for unauthorized clients.


The solution is simple. change response headers to allow communication with your client.

using, here is an example of server that works:

using Flask, there is an example in the Git repository (examples/misc/flaskexamples/flaskcors), and check out the documentation pyjamaswithpocoo.

I would not make any changes on the client as pyjamas jsonrpc uses XHR for jsonrpc, and therefore, depends on the browser's implementation of XMLHttpRequest.

I would also read the pyjs FAQ titled "I'm doing JSONRPC with pyjamas, but my app isn't working".

read more here