Re: Allow-Methods header

Tue, 03 Jul 2012 13:44:49 -0700 

Hi Alessandro.
I'm not sure I understand what you mean (sorry if I'm being redundant here, but I'll simply summarize what I understood). I'm new to CORS and to HttpRequests in general, but from what I read so far I got that every preflight request is using method OPTIONS. E.g. in [1], it says that 


"if the resource author wants to be able to handle cross-origin requests 
using methods other thansimple methods 
<http://www.w3.org/TR/cors/#simple-method>. In that case the author 
needs to reply to a preflight request that uses the|OPTIONS|method and 
then needs to handle the actual request that uses the desired method 
(|DELETE|or PUT) and give an appropriate response. The response to the 
preflight request could have the following headers specified:


|Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: PUT, DELETE|(, otherMethods)*     "



My preflight request has verb OPTIONS and sends 
'Access-Control-Request-Method: (PUT|DELETE)' in order to check whether 
PUT|DELETE are allowed methods for that endpoint. For this request, I 
get status code 200 OK, but the PUT request is not executed since the 
returned response contains only 'Access-Control-Allow-Methods: GET, 
POST, OPTIONS'.



On the entityhub/entity/, on the other hand, it's also a preflight 
request (OPTIONS) asking for PUT, and the response returns 
'Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS'. And 
here, the PUT access works.


Best,
melanie

[1] http://www.w3.org/TR/cors/



Am 03.07.2012 18:01, schrieb Alessandro Adamou:

On 7/2/12 8:35 PM, Melanie Reiplinger wrote:

presently NOT-working:
--------------------------------

./ontonet/ontology/pizzaScope                     PUT {GET, POST, 
OPTIONS}
./ontonet/ontology/pizzaScope                    DELETE {GET, POST, 
OPTIONS}



I committed a modification in ontologymanager.web today, where the 
PUT and DELETE methods are explicitly added on OPTIONS preflight 
request. Don't know if this helps because I haven't been able to 
test it. Does it work better for you?



I just updated and rebuilt Stanbol, but I'm still getting 'Method not 
allowed' for the PUT and DELETE preflight requests.


And if you make an OPTIONS request?

It might help me if it does, as I don't quite dig CORS.


Did you make them appear in the Access-Control-Allow-Methods header?



I don't have the tools at hand for figuring this out right now, that's 
why I am asking. I am sorry for having to bother you.


Best,
-- alessandro




























					Reply via email to