lundi 19 mai 2014

jQuery - SCRO en-tête Access-Control-Allow-Origin générique échec après successives - Stack Overflow


I have two endpoints, a www and an api. The API drives backbone.js collections and this has so far run without a hitch. A new RPC enpoint is failing a Access-Control-Allow-Origin CORS check, but I don't know how to debug. Several preflight OPTIONS calls from the website are successful in returning a result-set, however this new one is failing outright. The new RPC which is failing is manually fired by a button click. It does not exist within an iframe or any container with a weird security scope. All this is happening in the same web page.


I have 3 calls for certain collections, with request/response as follows :


Request :


Accept:*/*
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Access-Control-Request-Headers:accept, authorization, origin
Access-Control-Request-Method:GET

Response:


Access-Control-Allow-Headers:X-Requested-With,Authorization,Accept,Origin,Content-Type
Access-Control-Allow-Methods:GET,POST,PUT,DELETE,OPTIONS
Access-Control-Allow-Origin:*
Connection:keep-alive
Content-Length:2
Content-Type:text/plain
Date:Tue, 26 Feb 2013 01:53:33 GMT
Server:nginx/1.1.19
X-Frame-Options:DENY
X-Powered-By:Express

^^ Victory! All collections are populating. I can GET/POST/PUT/DELETE models in these collections with impunity.


The call that is failing :


OPTIONS (preflight)


Request:


Accept:*/*
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Access-Control-Request-Headers:accept, origin, authorization, content-type
Access-Control-Request-Method:GET
Cache-Control:no-cache
Connection:keep-alive
Host:api.bip.io
Origin:https://bip.io
Pragma:no-cache
Referer:https://bip.io/dash/account
User-Agent:Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.17 (KHTML, like Gecko Chrome/24.0.1312.52 Safari/537.17

Response:


Access-Control-Allow-Headers:X-Requested-With,Authorization,Accept,Origin,Content-Type
Access-Control-Allow-Methods:GET,POST,PUT,DELETE,OPTIONS
Access-Control-Allow-Origin:*
Connection:keep-alive
Content-Length:2
Content-Type:text/plain
Date:Tue, 26 Feb 2013 01:55:26 GMT
Server:nginx/1.1.19
X-Frame-Options:DENY
X-Powered-By:Express

GET Request


GET /rpc/domain/confirm/55e648b5-1098-41e8-9d76-bd020ebe6d37

Request URL:https://api.bip.io/rpc/domain/confirm/55e648b5-1098-41e8-9d76-bd020ebe6d37
Accept:application/json, text/javascript, */*; q=0.01
Authorization:Basic {XX-OBFUSCATED}
Cache-Control:no-cache
Content-Type:application/json
Origin:https://bip.io
Pragma:no-cache
Referer:https://bip.io/dash/account
User-Agent:Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.52 Safari/537.17

The Chrome Error for the last request is :


XMLHttpRequest cannot load https://api.bip.io/rpc/domain/confirm/55e648b5-1098-41e8-9d76-bd020ebe6d37. 
Origin https://bip.io is not allowed by Access-Control-Allow-Origin.

All of these calls get funneled through this jQuery v1.8.2 method :


//  request handler
    _request : function(payload, methodAPI, methodHTTP, onSuccess, onFail) {
        var self = this;
        var payload = null == payload ? payload : JSON.stringify(payload);

        var reqStruct = {
            type: methodHTTP,
            contentType: 'application/json',
            dataType: 'json',
            url: methodAPI,
            success: function(resData, status, xhr) {
                if (undefined != onSuccess) {
                    onSuccess(resData, payload);
                }
            },
            error: function(xhr, status, errText) {
                if (undefined !== onFail) {
                    onFail(xhr.status, status, errText, payload);
                }
            }
        };

        if (null !== payload) {
            reqStruct.data = payload;
        }

        $.ajax(reqStruct);
    }

How to debug?? Thanks!



I have two endpoints, a www and an api. The API drives backbone.js collections and this has so far run without a hitch. A new RPC enpoint is failing a Access-Control-Allow-Origin CORS check, but I don't know how to debug. Several preflight OPTIONS calls from the website are successful in returning a result-set, however this new one is failing outright. The new RPC which is failing is manually fired by a button click. It does not exist within an iframe or any container with a weird security scope. All this is happening in the same web page.


I have 3 calls for certain collections, with request/response as follows :


Request :


Accept:*/*
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Access-Control-Request-Headers:accept, authorization, origin
Access-Control-Request-Method:GET

Response:


Access-Control-Allow-Headers:X-Requested-With,Authorization,Accept,Origin,Content-Type
Access-Control-Allow-Methods:GET,POST,PUT,DELETE,OPTIONS
Access-Control-Allow-Origin:*
Connection:keep-alive
Content-Length:2
Content-Type:text/plain
Date:Tue, 26 Feb 2013 01:53:33 GMT
Server:nginx/1.1.19
X-Frame-Options:DENY
X-Powered-By:Express

^^ Victory! All collections are populating. I can GET/POST/PUT/DELETE models in these collections with impunity.


The call that is failing :


OPTIONS (preflight)


Request:


Accept:*/*
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Access-Control-Request-Headers:accept, origin, authorization, content-type
Access-Control-Request-Method:GET
Cache-Control:no-cache
Connection:keep-alive
Host:api.bip.io
Origin:https://bip.io
Pragma:no-cache
Referer:https://bip.io/dash/account
User-Agent:Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.17 (KHTML, like Gecko Chrome/24.0.1312.52 Safari/537.17

Response:


Access-Control-Allow-Headers:X-Requested-With,Authorization,Accept,Origin,Content-Type
Access-Control-Allow-Methods:GET,POST,PUT,DELETE,OPTIONS
Access-Control-Allow-Origin:*
Connection:keep-alive
Content-Length:2
Content-Type:text/plain
Date:Tue, 26 Feb 2013 01:55:26 GMT
Server:nginx/1.1.19
X-Frame-Options:DENY
X-Powered-By:Express

GET Request


GET /rpc/domain/confirm/55e648b5-1098-41e8-9d76-bd020ebe6d37

Request URL:https://api.bip.io/rpc/domain/confirm/55e648b5-1098-41e8-9d76-bd020ebe6d37
Accept:application/json, text/javascript, */*; q=0.01
Authorization:Basic {XX-OBFUSCATED}
Cache-Control:no-cache
Content-Type:application/json
Origin:https://bip.io
Pragma:no-cache
Referer:https://bip.io/dash/account
User-Agent:Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.52 Safari/537.17

The Chrome Error for the last request is :


XMLHttpRequest cannot load https://api.bip.io/rpc/domain/confirm/55e648b5-1098-41e8-9d76-bd020ebe6d37. 
Origin https://bip.io is not allowed by Access-Control-Allow-Origin.

All of these calls get funneled through this jQuery v1.8.2 method :


//  request handler
    _request : function(payload, methodAPI, methodHTTP, onSuccess, onFail) {
        var self = this;
        var payload = null == payload ? payload : JSON.stringify(payload);

        var reqStruct = {
            type: methodHTTP,
            contentType: 'application/json',
            dataType: 'json',
            url: methodAPI,
            success: function(resData, status, xhr) {
                if (undefined != onSuccess) {
                    onSuccess(resData, payload);
                }
            },
            error: function(xhr, status, errText) {
                if (undefined !== onFail) {
                    onFail(xhr.status, status, errText, payload);
                }
            }
        };

        if (null !== payload) {
            reqStruct.data = payload;
        }

        $.ajax(reqStruct);
    }

How to debug?? Thanks!


0 commentaires:

Enregistrer un commentaire