We are having some issue with Cross Origin Resource Sharing (CORS) implementation in a restfull web service on web2py. We try to implement CORS on the server side in web2py as suggested here: ( https://groups.google.com/forum/#!msg/web2py/kSUtyNcUQGI/qfiIqfUiWLwJ ) we added following to models/0.py, (to have the response header updated before actual restfull api handler in the controler)
=============================== if request.env.http_origin: #response <https://www.facebook.com/hashtag/response>.headers['Access-Control-Allow-Origin'] = request.env.http_origin response.headers['Access-Control-Allow-Origin'] = "*" response.headers['Access-Control-Allow-Credentials'] = 'true' response.headers['Access-Control-Max-Age'] = 86400 if request.env.request_method == 'OPTIONS': if request.env.http_access_control_request_method: print request.env.http_access_control_request_method response.headers['Access-Control-Allow-Methods'] = request.env.http_access_control_request_method if request.env.http_access_control_request_headers: response.headers['Access-Control-Allow-Headers'] = request.env.http_access_control_request_headers ========================== RESTful POST & GET are now working but PUT and DELETE aren't because preflight http OPTIONS request is rejected as "400 BAD REQUEST" by web2py So for example when calling the restful webservice using ajax call from a local web page, we get the following error msg in NetBeans log. Failed to load resource: the server responded with a status of 400 (BAD REQUEST) (10:46:36:182 | error, network) at http://127.0.0.1:8000/test/default/api/entries/2.json<https://www.facebook.com/l.php?u=http%3A%2F%2F127.0.0.1%3A8000%2Ftest%2Fdefault%2Fapi%2Fentries%2F2.json&h=6AQEXO762AQEdGBr1FA5hs7g-rkoOuV3j_Ls67igLa1ysWw&s=1> Failed to load resource: Origin http://localhost:8383 is not allowed by Access-Control-Allow-Origin. (10:46:36:183 | error, network) at http://127.0.0.1:8000/test/default<https://www.facebook.com/l.php?u=http%3A%2F%2F127.0.0.1%3A8000%2Ftest%2Fdefault&h=SAQHZ1uIiAQF-DetwOo02m0brzq8JFqvX0khT8_XL5fZhqg&s=1> /api/entries/2.json XMLHttpRequest cannot load http://127.0.0.1:8000/test/default /api/entries/2.json. Origin http://localhost:8383 is not allowed by Access-Control-Allow-Origin. (10:46:36:183 | error, javascript) at www/page/test.html -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
