Question

I have two domains:

  1. accounts.example.org
  2. app.example.org

Now I want to do an HTTP DELETE request from app.example.org to accounts.example.org/session.

$.ajax({
  url: "http://accounts.example.org/session",
  type: "DELETE"
});

Nothing really different. Headers from accounts.example.org to allow CORS are:

Access-Control-Allow-Origin: http://app.example.org
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Headers: X-Requested-With, Content-Type

So the AJAX call fails now and tells me that there is a problem with the CORS headers... I took a closer look at the AJAX options and found that jQuery doesn't directly do a DELETE:

Request URL:http://accounts.example.org/session
Request Method:OPTIONS
Status Code:200 OK
Request Headers
Accept:*/*
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4
Access-Control-Request-Headers:origin, accept
Access-Control-Request-Method:DELETE
Connection:keep-alive
Host:accounts.example.org
Origin:http://app.example.org
Referer:http://app.example.org/

Does somebody know what this can be?

Server Backend is node.js with express as framework.

Regards

UPDATE

I can now specify the issue:

The problem is that the browser does an OPTIONS request before PUT and DELETE (GET and POST work). This is done because the browser wants to check the CORS policy before doing the real request. For some reason express doesn't handle this request (the response headers are empty). So the browser returns that the CORS policy forbids the request.

I already tried:

  1. setting headers with app.use
  2. with app.all
  3. with app.options

No reactions. Sounds like there could be a bug ...
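
The preflight exchange described in the UPDATE above, as an added example that is not part of the original post: framework-independent Node.js code that answers the OPTIONS preflight with the question's CORS policy before any route handler runs. The function names and the 204/403 status choices are assumptions; the origin, method and header values are the ones posted in the question.

```javascript
// Added example: policy values copied from the question; all names are hypothetical.
const POLICY = {
  origins: new Set(["http://app.example.org"]),
  methods: ["GET", "POST", "PUT", "DELETE", "OPTIONS"],
  headers: ["X-Requested-With", "Content-Type"],
};

// A preflight is an OPTIONS request carrying both Origin and
// Access-Control-Request-Method; a bare OPTIONS request is not a preflight.
function isPreflight(req) {
  return req.method === "OPTIONS" &&
    "origin" in req.headers &&
    "access-control-request-method" in req.headers;
}

// Returns the CORS headers to attach, or null when the origin is not allowlisted.
function corsHeaders(req) {
  const origin = req.headers.origin;
  if (!origin || !POLICY.origins.has(origin)) return null; // exact match, never reflect
  const out = { "Access-Control-Allow-Origin": origin, "Vary": "Origin" };
  if (isPreflight(req)) {
    out["Access-Control-Allow-Methods"] = POLICY.methods.join(", ");
    out["Access-Control-Allow-Headers"] = POLICY.headers.join(", ");
  }
  return out;
}

// Run this before routing. done=true means the preflight is fully answered here
// and must not fall through to a DELETE/PUT handler.
function handleCors(req) {
  const allowed = corsHeaders(req);
  if (isPreflight(req)) {
    return { status: allowed ? 204 : 403, headers: allowed || {}, done: true };
  }
  return { status: null, headers: allowed || {}, done: false };
}

// Constructed request mirroring the preflight captured in the question
// (Node lower-cases incoming header names).
const samplePreflight = {
  method: "OPTIONS",
  headers: {
    origin: "http://app.example.org",
    "access-control-request-method": "DELETE",
    "access-control-request-headers": "origin, accept",
  },
};
console.log(handleCors(samplePreflight));
```

The headers returned with done=false still have to be attached to the actual DELETE response, because the browser checks Access-Control-Allow-Origin on that response as well as on the preflight.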

Solution

What browser is it? I know it works in Chrome at least. This is what the jQuery homepage states about PUT and DELETE.

"The type of request to make ("POST" or "GET"), default is "GET". Note: Other HTTP request methods, such as PUT and DELETE, can also be used here, but they are not supported by all browsers."

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow