Custom Headers on Preflight Request for HTTP Method OPTIONS

I spent a few hours on this, it looks like we can’t add custom headers on a preflight request.  We’re using JQuery/Backbone/Marionette, and some of the cross origin requests (HTTP POST and GET with custom headers) are causing a preflight request to happen.

Apparently the preflight requests are generated by the browser, and we can’t control the headers in that request.  The server needs to handle the HTTP OPTIONS request properly and return a 200 code in order for the request to continue.

In my case, the OPTIONS request was going to a resource requiring authentication, so I’m thinking that I need to allow OPTIONS requests to get a response without authentication.

Here’s the helpful resource that I ran across.  http://www.sencha.com/forum/showthread.php?265119-Authorization-header-not-sent-on-preflight-OPTIONS-request

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s