i familiar cors , access-control-allow-* headers.
i making cors xhr request has new geoposition header not specified within options response access-control-allow-headers header.
when attach client new service instance, options , post requests work.
when attach client older service instance, options response has code 200 post failed chrome code 0 and
request header field geoposition not allowed access-control-allow-headers.
how inspect options response headers (within onresponserecieved?) can omit/remove offending geoposition header , resubmit request?
the access-control-allow-headers header sent cors server in response options preflight call. if not permit given header, browser fails request before sent (hence 0 status code), , reports you.
you not control preflight call - don't create call, set up, or deal results. entirely managed browser, conversation server, see if client permitted 'bend rules'. have no access whatsoever, , thing, makes cors usable without exposing sites various xsrf attacks.
so, since can't inspect headers, how else can find out browser or isn't legal? why not error message?
request header field geoposition not allowed access-control-allow-headers.
i'm not if there better way this, nor there should be. if allowed collaborate remote endpoint , ask changes, consider asking them allow endpoint checks headers supported, or re-send header on other requests (that not preflights) know limited to.
references:
Comments
Post a Comment