-
Notifications
You must be signed in to change notification settings - Fork 3
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Deal with antiCORS proxies. #1
Comments
Looking at https://developer.mozilla.org/en/docs/HTTP/Access_control_CORS#Preflighted_requests it seems to me that the reason is that we set |
I'm not sure, from what I understand the Rakuten proxy redirects the queries, thus impacting the Origin header, which is not accepted when making a CORS request. But I haven't got time to investigate yet (this will be a pain to reproduce actually) so I may be wrong. |
What I meant is, there's a preflight query required at all (also for me when I checked in Fiddler), because of AFAIU the presence of Anyway on top of that, there might be indeed some other issues with the Rakuten proxy, maybe they're injecting some more custom headers (which is typical for proxies) which are doing harm. I'm not a CORS expert unfortunately :) Would be good if @piuccio pasted here the request headers he gets in Fiddler when requesting the multiparts for the first time (with empty cache etc). |
Request
Response
|
Yup, I already saw in the logs that we don't get OPTIONS requests from your IP, only GET. |
The good news is that setting |
Apparently in angular they prefer not using this non-standard header. x-requested-with is basically needed only when the same entry point must return two different results whether it's AJAX or not. |
Agreed with @piuccio - we may even think about removing this header from the fwk by default in the new version of AT, after making sure if it doesn't break the Big Apps using AT. If it's not needed by default, then we're just wasting bandwidth, and small things add up [1]. We shouldn't be like IE7 ;) [2] [1] http://chrishateswriting.com/post/68794699432/small-things-add-up |
Fixed in commit f0f1934 |
Some proxies filter CORS request that need preflight which obviously breaks the load of AT.
See ariatemplates-plugins/calendarwidget#4 as reported by @piuccio.
The text was updated successfully, but these errors were encountered: