The HTTP OPTIONS request method is commonly used to ask a Web server which HTTP methods the server allows; servers typically respond with just a set of headers that includes the Allow header, whose value lists the allowed methods. The OPTIONS method is also a key part of the CORS protocol.
I was attempting to implement CORS support on a Spray server (version 1.1-20131011 where cors headers are already supported).
Currently, the server code looks like this:
trait DefaultCORSDirectives { this: Directives =>
def defaultCORSHeaders =…
When I configure my RequestMappings in Spring MVC, I'd like to automatically generate the proper Allow header when the OPTIONS method is used.
For example, with this controller:
@Controller
@RequestMapping("/test")
public class TestController {
…
I am using Sencha Touch 2.1.0. I am making a HTTP GET call. It is a CORS request. Hence it is sending Pre-flight HTTP OPTIONS command as expected.
I have installed CORS filter on my server and configured it. The calls from my code were going…
For reasons I don't understand, Safari fails (intermittently but consistently) to connect to our rails app (static front end and api back end) on our QA infrastructure. (I'm going to write another question about that.)
For now, one thing that is…
I am currently reviewing some proxy logs and seeing:
200 OPTIONS /api/bob/
200 GET /api/bob/
200 OPTIONS /api/jim/
200 PUT /api/jim/
I am wondering a couple of things, why is it doing the OPTIONS call before each request?
And, my…
On client side I'm using Ajax.post (jquery 1.5) with json. On server side I'm using rest resteasy-jaxrs-2.0.1.GA. I found somewhere that i should add couple of headers to server response and I've done with following filter:
public void doFilter( …
I have a simple request I make to my service:
var request = new XMLHttpRequest();
request.open("OPTIONS", url, true);
request.setRequestHeader('Content-Type', 'application/json; charset=UTF-8');
request.setRequestHeader('Accept',…
I am in the context of a Rest API. As I am performing cross domain request, I need to send back the header "Access-Control-Allow-Origin".
I have a controller such:
@Controller
@RequestMapping("/api")
public class PackageManagerRestController {
…
We are running DRF in combination with django filter to narrow down list view results.
As filters and filter options are increasing, we would like the frontend to display only the available (the select-able) filter choices.
Simple example: There…
I enabled Spring Security on a Rest API and saw that OPTIONS requests are being rejected because they miss the Authorization header.
Should I require (is it possible?) that clients include that header even in OPTIONS (pre-flight) requests, or should…
I have this simple node.js proxy server implementation:
const s = http.createServer((req, res) => {
console.log('req method:', req.method);
if(String(req.method || '').toUpperCase() === 'OPTIONS'){
…
I've a rest endpoint with an optional PathVariable in spring framework.
@PostMapping("/API_PATH/{param1}/{param2}")
public Result getResult(@PathVariable Integer param1,
@PathVariable(required = false) Integer param2, @RequestBody Data data) {
…
I send a curl command with OPTIONS request method to my dropwizard application. I get a 200 Ok and POST and OPTIONS methods allowed as response.
How do i stop this from happening for security reasons as this provides some info about what are…
Should an OPTIONS request ever return a 429?
The problem is really that a Browser client (js) can not detect the 429 correctly when returned from an OPTIONS request. So I'm leaning towards only returning 429 for non OPTIONS requests.
What is best…
I simply wish to post some json but by default request does a preflight OPTIONS request.
I would like to avoid this as users often have unreliable connections, an extra request further reduces reliability and results in cryptic error messages like…
