1

jQuery should send an HTTP OPTION request to initiate pre-flight CORS, yet it always sends out a HTTP POST. Since it is a POST the browser doesn't get the Access-Control-Allow-Origin or Access-Control-Allow-Method and the browser has NO CHOICE but to 404 the response.

jQuery.ajax('https://domain.com/path', {
  crossDomain: true,
  data: postData,
  error: function(jqXHR, status, errorThrown) {
    //whatever
  },
  success: function(data, status, jqXHR) {
    //whatever
  },
  type: "POST",
  xhrFields: {
    withCredentials: true
  }
});
user3338098
  • 907
  • 1
  • 17
  • 38
  • 1
    I had a rought time dealing with CORS, this might help: http://www.bennadel.com/blog/2327-cross-origin-resource-sharing-cors-ajax-requests-between-jquery-and-node-js.htm – Luke SpringWalker Feb 25 '15 at 01:00

1 Answers1

3

jQuery doesn't have anything to do with the OPTION request for CORS... the browser is what implements this. See: caniuse.com/cors. IE8-9 use a separate object XDomainRequest (which jQuery doesn't detect or use out of the box), and has significan limitations.

Try curl, fiddler or another utility to confirm that your foreign resource is in fact on a separate domain, and returning the appropriate response for the request in question? You should be able to right-click in the network view of the developer tools and copy as a curl command line (may have to switch quotes in windows). Odds are you aren't actually making the request the way you think you are, or the OPTIONS check is either failing with a 404, or the foreign resource is returning a 404.

Tracker1
  • 19,103
  • 12
  • 80
  • 106
  • 1
    I just realized my mistake, I assumed that anything other than a simple HTTP GET would require a pre-flight, but W3C lists GET,HEAD AND POST as simple methods which do not require a pre-flight so it was my destination server being to restrictive with it's security policy. – user3338098 Feb 25 '15 at 15:15