mardi 7 avril 2015

Server return CORS headers, browser still throwing Cross-Origin Request Blocked error


Vote count:

0




I am newbie to java scripting and CORS and stuck with this problem for some time now. I did lots of reading but no luck. Client running in browser (Chrome/Firefox) and making a PUT request which is resulting in OPTION and PUT requests. Server is redirecting PUT to request to another server. Following is HTTP communication capture between java script based client and java based server:


OPTION Request:





Host: 10.232.65.230:8000
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:36.0) Gecko/20100101 Firefox/36.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://10.232.65.230:3001
Access-Control-Request-Method: PUT
Connection: keep-alive



OPTION response:





Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: PUT
Access-Control-Allow-Origin: http://10.232.65.230:3001
Access-Control-Max-Age: 1800
Cache-Control: private
Content-Length: 0
Date: Tue, 07 Apr 2015 13:48:50 GMT
Expires: Thu, 01 Jan 1970 05:30:00 IST
Server: Apache-Coyote/1.1



PUT Request:





Host: 10.232.65.230:8000
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:36.0) Gecko/20100101 Firefox/36.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ift.tt/1HMEpQ3;
Content-Length: 159
Content-Type: text/plain; charset=UTF-8
Origin: http://10.232.65.230:3001
Connection: keep-alive



PUT Response:





Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: PUT
Access-Control-Allow-Origin: http://10.232.65.230:3001
Cache-Control: private
Content-Length: 0
Content-Type: application/xml
Date: Tue, 07 Apr 2015 13:48:50 GMT
Expires: Thu, 01 Jan 1970 05:30:00 IST
Location: http://ift.tt/1E0rVFd;
Server: Apache-Coyote/1.1



However instead of redirecting to the location provided, browser throwing following error:





Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://ift.tt/1HMEq6q. This can be fixed by moving the resource to the same domain or enabling CORS.



asked 1 min ago







Server return CORS headers, browser still throwing Cross-Origin Request Blocked error

Aucun commentaire:

Enregistrer un commentaire