The preflight is being triggered by your Content-Type of application/json. The simplest way to prevent this is to set the Content-Type to be text/plain in your case. application/x-www-form-urlencoded & multipart/form-data Content-Types are also acceptable, but you’ll of course need to format your request payload appropriately. If you are still seeing a preflight after making this … Read more
Turns out this has nothing to do with CORS- it was a problem with the security certificate. Misleading errors = 4 hours of headaches.
Try this in the .htaccess of the external root folder : <IfModule mod_headers.c> Header set Access-Control-Allow-Origin “*” </IfModule> And if it only concerns .js scripts you should wrap the above code inside this: <FilesMatch “\.(js)$”> … </FilesMatch>
Javascript is limited when making ajax requests outside of the current domain. Ex 1: your domain is example.com and you want to make a request to test.com => you cannot. Ex 2: your domain is example.com and you want to make a request to inner.example.com => you cannot. Ex 3: your domain is example.com:80 and … Read more
The original standard does preclude redirect after a successful CORS preflight. Quoting ยง 7.1.5.3: This is the actual request. Apply the make a request steps and observe the request rules below while making the request. If the response has an HTTP status code of 301, 302, 303, 307, or 308 Apply the cache and network … Read more
I was wondering the same thing, so after a bit of research I found that the easiest way was simply to use a JAX-RS ContainerResponseFilter to add the relevant CORS headers. This way you don’t need to replace the whole web services stack with CXF (Wildfly uses CXF is some form, but it doesn’t look … Read more
OAuth2 auth endpoint doesn’t support AJAX by design. It’s an entry point to the authentication system, so you must get there by redirect. The result of the authentication is again a redirect to the URL you provide, so AJAX doesn’t make much sense there.
It is only considered to be the same if the protocol, host and port is the same: Same Origin Policy If you want to enable it you must follow Cross-Origin Resource Sharing (cors) by adding headers. Mozilla has examples You need to add Access-Control-Allow-Origin as a header in your response. To allow everyone (you should … Read more
Support for wildcards in the Access-Control-Allow-Headers header was added to the living standard only in May 2016, so it may not be supported by all browsers. On browser which don’t implement this yet, it must be an exact match: https://www.w3.org/TR/2014/REC-cors-20140116/#access-control-allow-headers-response-header If you expect a large number of headers, you can read in the value of … Read more
Look at what I have found! Add in some custom headers inside <system.webServer>. <httpProtocol> <customHeaders> <add name=”Access-Control-Allow-Origin” value=”*” /> <add name=”Access-Control-Allow-Methods” value=”GET, POST, OPTIONS, PUT, DELETE” /> </customHeaders> </httpProtocol> Then I can do the CORS authentication.