-
Notifications
You must be signed in to change notification settings - Fork 149
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OPTIONS HTTP request support #22
Comments
Thanks for this Craig, but I don't think it should be necessary. As I understand it, preflight requests aren't needed for "simple requests" which include all GET and HEAD requests without custom headers (see docs here). If cross-domain XHR requests aren't working for you then it may be that whatever library you're using is adding custom headers to the requests which is triggering the preflight. If you can give me a bit more detail on the issue you're seeing then I'd be happy to try to help. In any case, if we were going to support OPTIONS requests it's not enough to just stop returning 405, we'd need to respond with the appropriate Access-Control-xxxx headers. |
Thanks for the response. Sounds good, missed the part about simple requests on that page when I first read. I did some looking and found that AngularJS by default sets an 'X-Requested-With' header in all its HTTP requests, was triggering the OPTIONS request, which this helped fix. |
I'm encountering this issue when using jQuery.html with script tags inside. jQuery fetches the scripts with XHR and adds the X-Requested-With header, which triggers a preflight OPTIONS request. |
I'm surprised by this as by default jQuery doesn't set If you can post a link to a reproducing example perhaps I can help spot the problem. In any case, I think this is a client error and not an issue with WhiteNoise. |
@evansd You are right. A library I'm using was doing something stupid (calling |
Currently whitenoise only allows GET and HEAD HTTP requests. If you put a CDN in front of whitenoise and attempt to GET an asset across domains, the browser send a preflight ORIGINS HTTP request first, to see if it can then GET the asset. Therefore it would be nice to have the ORIGINS HTTP request permitted as well.
The text was updated successfully, but these errors were encountered: