qwest.get but OPTIONS method sent #90

Closed
ydeshayes opened this Issue Nov 25, 2015 · 7 comments

Comments

Projects
None yet
3 participants
@ydeshayes

Hello,

I call

qwest.get('https://myUrl')
.then(function(xhr, response) {
    alert(response);
});

but when I look at the request I got this:

Remote Address:127.0.0.1
Request URL:https://myUrl
Request Method:OPTIONS
Status Code:200 OK

I'm on chrome 46.0.2490.86 (64-bit) on macOS

Do you know some similar issues with your lib ?

Thanks

@pyrsmk

This comment has been minimized.

Show comment
Hide comment
@pyrsmk

pyrsmk Nov 25, 2015

Owner

Really weird... Qwest by itself does not know what an OPTIONS request method is. So I assume it's a bug in your code somewhere, or in Chrome for Mac.

Owner

pyrsmk commented Nov 25, 2015

Really weird... Qwest by itself does not know what an OPTIONS request method is. So I assume it's a bug in your code somewhere, or in Chrome for Mac.

@ydeshayes

This comment has been minimized.

Show comment
Hide comment
@ydeshayes

ydeshayes Nov 25, 2015

I will look much deeper. But I've got the same behavior on firefox.

Stock XHR request work fine:

var oReq = new XMLHttpRequest();
oReq.open("get", "https://myUrl", true);
oReq.send();

Thanks for your help

I will look much deeper. But I've got the same behavior on firefox.

Stock XHR request work fine:

var oReq = new XMLHttpRequest();
oReq.open("get", "https://myUrl", true);
oReq.send();

Thanks for your help

@ydeshayes

This comment has been minimized.

Show comment
Hide comment

Catch the problem:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS

So it's not the lib.
Thanks

@ydeshayes ydeshayes closed this Nov 25, 2015

@pyrsmk

This comment has been minimized.

Show comment
Hide comment
@pyrsmk

pyrsmk Nov 25, 2015

Owner

Good to know ;)

Owner

pyrsmk commented Nov 25, 2015

Good to know ;)

@vpatil

This comment has been minimized.

Show comment
Hide comment
@vpatil

vpatil Nov 30, 2015

I'm running into the same issue (and in my case, it's generating a 403). Like @ydeshayes, a stock XHR request works fine, but a qwest.get fails.

I think what's happening is that the Cache-Control header being added by default is not a "simple request header", and so triggers preflighting.

From the spec (http://www.w3.org/TR/cors/):

A header is said to be a simple header if the header field name is an ASCII case-insensitive match for Accept, Accept-Language, or Content-Language or if it is an ASCII case-insensitive match for Content-Type and the header field value media type (excluding parameters) is an ASCII case-insensitive match for application/x-www-form-urlencoded, multipart/form-data, or text/plain.

Setting { cache:true } in my qwest.get call appears to work around the problem, since it prevents Cache-Control from being added.

vpatil commented Nov 30, 2015

I'm running into the same issue (and in my case, it's generating a 403). Like @ydeshayes, a stock XHR request works fine, but a qwest.get fails.

I think what's happening is that the Cache-Control header being added by default is not a "simple request header", and so triggers preflighting.

From the spec (http://www.w3.org/TR/cors/):

A header is said to be a simple header if the header field name is an ASCII case-insensitive match for Accept, Accept-Language, or Content-Language or if it is an ASCII case-insensitive match for Content-Type and the header field value media type (excluding parameters) is an ASCII case-insensitive match for application/x-www-form-urlencoded, multipart/form-data, or text/plain.

Setting { cache:true } in my qwest.get call appears to work around the problem, since it prevents Cache-Control from being added.

@pyrsmk

This comment has been minimized.

Show comment
Hide comment
@pyrsmk

pyrsmk Nov 30, 2015

Owner

Thanks a lot for the explanations! I'll put a note on CORS in the docs ;)

Owner

pyrsmk commented Nov 30, 2015

Thanks a lot for the explanations! I'll put a note on CORS in the docs ;)

@pyrsmk

This comment has been minimized.

Show comment
Hide comment
@pyrsmk

pyrsmk Jan 5, 2016

Owner

@vpatil : I was thinking of your last comment. With cache set to true, you always have the same body returned? That's a big issue if we don't want cache with CORS.

If somebody is running into this issue, try to set Cache-Control to an empty string in the headers param of qwest. If the problem persists, please reopen!

Owner

pyrsmk commented Jan 5, 2016

@vpatil : I was thinking of your last comment. With cache set to true, you always have the same body returned? That's a big issue if we don't want cache with CORS.

If somebody is running into this issue, try to set Cache-Control to an empty string in the headers param of qwest. If the problem persists, please reopen!

This was referenced Jan 5, 2016

@cdll cdll referenced this issue May 30, 2016

Closed

jsonp support #121

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment