Firefox 3 CORS XMLHTTPRequest doesn't seem to work

Question

I implemented a REST service, which I'm calling from a javascript application on a different domain.

I'm attempting to do a GET request, and setting the Authorization: header, with a custom authentication scheme.

Because I'm setting a custom header, Firefox will start with a preflight OPTIONS request. This request looks like this (simplified):

OPTIONS /v1/articles HTTP/1.1
Host: example.org
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101206 Ubuntu/10.10 (maverick) Firefox/3.6.13 FirePHP/0.5
Origin: http://example.com
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization

My response is as follows:

HTTP/1.1 200 OK
Date: Wed, 15 Dec 2010 16:36:47 GMT
Server: Apache/2.2.9 (Debian) PHP/5.3.3-0.dotdeb.1 with Suhosin-Patch mod_vhost_hash_alias/1.0
X-Powered-By: PHP/5.3.3-0.dotdeb.1
Access-Control-Allow-Origin: http://example.com
Access-Control-Request-Method: GET,POST,PUT,DELETE,HEAD,OPTIONS
Access-Control-Request-Headers: Authorization, X-Authorization
Content-Length: 2
Content-Type: application/json

After this, the actual GET request is simply not performed. I'm worried I made a mistake in my response, but I can't seem to spot it.

The other problem is that I've found no way to get a detailed error message. As you can see, I also tried X-Authorization instead of Authorization.

My questions:

Is there something wrong with my response? How can I find more details about the problem?

Thanks!

Answer 1

I needed a fresh look at this. The next morning I realized the correct headers are:

Access-Control-Allow-Methods: GET,POST,PUT,DELETE,HEAD,OPTIONS
Access-Control-Allow-Headers: Authorization, X-Authorization