JQuery preflight request CORS
I am writing a web map and try to get fetch a JSON from a web ressource I do have credentials for. This works great in Python running via a JuPyteR notebook:
import requests
header = { "Accept": "application/json, text/plain, */*",
"Accept-Language": "de-DE",
"Content-Type": "application/json",
"Pragma": "no-cache",
"Cache-Control": "no-cache",
"Origin": "https://myCoolServer.azurewebsites.net"}
}
dataJSON = json.dumps({ "username": "XXX",
"password": "XXX"}).encode('utf8')
url = "URL/v1/token"
r = requests.post(url, data=dataJSON, headers=header)
The request from python gives the following header:
'User-Agent': 'python-requests/2.19.1',
'Accept-Encoding': 'gzip, deflate',
'Accept': 'application/json, text/plain, */*',
'Connection': 'keep-alive',
'Accept-Language': 'de-DE',
'Content-Type': 'application/json',
'Pragma': 'no-cache',
'Cache-Control': 'no-cache',
'Content-Length': '67',
'Origin': 'https://myCoolServer.azurewebsites.net'
Now I am trying to recreate this in JavaScript to get data in my webmap:
$.ajax ({
method: 'POST',
data: JSON.stringify({ "username": name,
"password": pass}),
headers: {
"Accept": "application/json, text/plain, */*",
"Accept-Language": "de-DE",
"Content-Type": "application/json",
"Pragma": "no-cache",
"Cache-Control": "no-cache"
},
dataType:'json',
url:'URL/v1/token',
error: function() {
alert("Login failed. Check username/password!");
},
success: function(resp) {
token=resp.token;
}
The console shows the following header for the preflight Options call:
Host: "cool API"
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:63.0) Gecko/20100101 Firefox/63.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: de-DE
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: cache-control,content-type,pragma
Origin: https://myCoolServer.azurewebsites.net
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
The preflight Options response from the server is successfull in terms of a 200 response. Yet I don't get the POST finished as the console in FF and Chrome gives me:
Origin https://myCoolServer.azurewebsites.net not found in Access-Control-Allow-Origin header.
The response header from the Server gives me:
HTTP/1.1 200 OK
Date: Mon, 19 Nov 2018 08:07:30 GMT
Server: Apache/2.4.18 (Ubuntu)
Cache-Control: no-cache, private
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: POST, PUT, GET, DELETE, OPTIONS
Access-Control-Allow-Headers: cache-control,content-type,pragma
Access-Control-Max-Age: 3600
Access-Control-Allow-Origin: null
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
As the whole idea works in Python I hope I can "mimicri" the behaviour in Javascript/Jquery as well. So I am looking for your remarks/hints.
Note: The whole thing works in JS when running on Chrome using a CORS plugin...
javascript python jquery cors
asked Nov 19 '18 at 8:30
RiccardoRiccardo
1066
|
show 6 more comments
I am writing a web map and try to get fetch a JSON from a web ressource I do have credentials for. This works great in Python running via a JuPyteR notebook:
import requests
header = { "Accept": "application/json, text/plain, */*",
"Accept-Language": "de-DE",
"Content-Type": "application/json",
"Pragma": "no-cache",
"Cache-Control": "no-cache",
"Origin": "https://myCoolServer.azurewebsites.net"}
}
dataJSON = json.dumps({ "username": "XXX",
"password": "XXX"}).encode('utf8')
url = "URL/v1/token"
r = requests.post(url, data=dataJSON, headers=header)
The request from python gives the following header:
'User-Agent': 'python-requests/2.19.1',
'Accept-Encoding': 'gzip, deflate',
'Accept': 'application/json, text/plain, */*',
'Connection': 'keep-alive',
'Accept-Language': 'de-DE',
'Content-Type': 'application/json',
'Pragma': 'no-cache',
'Cache-Control': 'no-cache',
'Content-Length': '67',
'Origin': 'https://myCoolServer.azurewebsites.net'
Now I am trying to recreate this in JavaScript to get data in my webmap:
$.ajax ({
method: 'POST',
data: JSON.stringify({ "username": name,
"password": pass}),
headers: {
"Accept": "application/json, text/plain, */*",
"Accept-Language": "de-DE",
"Content-Type": "application/json",
"Pragma": "no-cache",
"Cache-Control": "no-cache"
},
dataType:'json',
url:'URL/v1/token',
error: function() {
alert("Login failed. Check username/password!");
},
success: function(resp) {
token=resp.token;
}
The console shows the following header for the preflight Options call:
Host: "cool API"
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:63.0) Gecko/20100101 Firefox/63.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: de-DE
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: cache-control,content-type,pragma
Origin: https://myCoolServer.azurewebsites.net
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
The preflight Options response from the server is successfull in terms of a 200 response. Yet I don't get the POST finished as the console in FF and Chrome gives me:
Origin https://myCoolServer.azurewebsites.net not found in Access-Control-Allow-Origin header.
The response header from the Server gives me:
HTTP/1.1 200 OK
Date: Mon, 19 Nov 2018 08:07:30 GMT
Server: Apache/2.4.18 (Ubuntu)
Cache-Control: no-cache, private
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: POST, PUT, GET, DELETE, OPTIONS
Access-Control-Allow-Headers: cache-control,content-type,pragma
Access-Control-Max-Age: 3600
Access-Control-Allow-Origin: null
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
As the whole idea works in Python I hope I can "mimicri" the behaviour in Javascript/Jquery as well. So I am looking for your remarks/hints.
Note: The whole thing works in JS when running on Chrome using a CORS plugin...
javascript python jquery cors
asked Nov 19 '18 at 8:30
RiccardoRiccardo
1066
1
Show your server CORS configuration - it looks like there is problem (inAccess-Control-Allow-Origin: null)
– Kamil Kiełczewski
Nov 19 '18 at 8:33
then it shouldn't work in python on my local as well, should it?
– Riccardo
Nov 19 '18 at 8:43
it depends... on what is your origin for request's from python - the difference must be there
– Kamil Kiełczewski
Nov 19 '18 at 8:45
changed post for clarity
– Riccardo
Nov 19 '18 at 8:53
you show your ajax RESPONSE headers, but show your ajax REQUEST headers (chrome> console> networks> your request)
– Kamil Kiełczewski
Nov 19 '18 at 8:55
|
show 6 more comments
I am writing a web map and try to get fetch a JSON from a web ressource I do have credentials for. This works great in Python running via a JuPyteR notebook:
import requests
header = { "Accept": "application/json, text/plain, */*",
"Accept-Language": "de-DE",
"Content-Type": "application/json",
"Pragma": "no-cache",
"Cache-Control": "no-cache",
"Origin": "https://myCoolServer.azurewebsites.net"}
}
dataJSON = json.dumps({ "username": "XXX",
"password": "XXX"}).encode('utf8')
url = "URL/v1/token"
r = requests.post(url, data=dataJSON, headers=header)
The request from python gives the following header:
'User-Agent': 'python-requests/2.19.1',
'Accept-Encoding': 'gzip, deflate',
'Accept': 'application/json, text/plain, */*',
'Connection': 'keep-alive',
'Accept-Language': 'de-DE',
'Content-Type': 'application/json',
'Pragma': 'no-cache',
'Cache-Control': 'no-cache',
'Content-Length': '67',
'Origin': 'https://myCoolServer.azurewebsites.net'
Now I am trying to recreate this in JavaScript to get data in my webmap:
$.ajax ({
method: 'POST',
data: JSON.stringify({ "username": name,
"password": pass}),
headers: {
"Accept": "application/json, text/plain, */*",
"Accept-Language": "de-DE",
"Content-Type": "application/json",
"Pragma": "no-cache",
"Cache-Control": "no-cache"
},
dataType:'json',
url:'URL/v1/token',
error: function() {
alert("Login failed. Check username/password!");
},
success: function(resp) {
token=resp.token;
}
The console shows the following header for the preflight Options call:
Host: "cool API"
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:63.0) Gecko/20100101 Firefox/63.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: de-DE
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: cache-control,content-type,pragma
Origin: https://myCoolServer.azurewebsites.net
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
The preflight Options response from the server is successfull in terms of a 200 response. Yet I don't get the POST finished as the console in FF and Chrome gives me:
Origin https://myCoolServer.azurewebsites.net not found in Access-Control-Allow-Origin header.
The response header from the Server gives me:
HTTP/1.1 200 OK
Date: Mon, 19 Nov 2018 08:07:30 GMT
Server: Apache/2.4.18 (Ubuntu)
Cache-Control: no-cache, private
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: POST, PUT, GET, DELETE, OPTIONS
Access-Control-Allow-Headers: cache-control,content-type,pragma
Access-Control-Max-Age: 3600
Access-Control-Allow-Origin: null
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
As the whole idea works in Python I hope I can "mimicri" the behaviour in Javascript/Jquery as well. So I am looking for your remarks/hints.
Note: The whole thing works in JS when running on Chrome using a CORS plugin...
javascript python jquery cors
asked Nov 19 '18 at 8:30
RiccardoRiccardo
1066
I am writing a web map and try to get fetch a JSON from a web ressource I do have credentials for. This works great in Python running via a JuPyteR notebook:
import requests
header = { "Accept": "application/json, text/plain, */*",
"Accept-Language": "de-DE",
"Content-Type": "application/json",
"Pragma": "no-cache",
"Cache-Control": "no-cache",
"Origin": "https://myCoolServer.azurewebsites.net"}
}
dataJSON = json.dumps({ "username": "XXX",
"password": "XXX"}).encode('utf8')
url = "URL/v1/token"
r = requests.post(url, data=dataJSON, headers=header)
The request from python gives the following header:
'User-Agent': 'python-requests/2.19.1',
'Accept-Encoding': 'gzip, deflate',
'Accept': 'application/json, text/plain, */*',
'Connection': 'keep-alive',
'Accept-Language': 'de-DE',
'Content-Type': 'application/json',
'Pragma': 'no-cache',
'Cache-Control': 'no-cache',
'Content-Length': '67',
'Origin': 'https://myCoolServer.azurewebsites.net'
Now I am trying to recreate this in JavaScript to get data in my webmap:
$.ajax ({
method: 'POST',
data: JSON.stringify({ "username": name,
"password": pass}),
headers: {
"Accept": "application/json, text/plain, */*",
"Accept-Language": "de-DE",
"Content-Type": "application/json",
"Pragma": "no-cache",
"Cache-Control": "no-cache"
},
dataType:'json',
url:'URL/v1/token',
error: function() {
alert("Login failed. Check username/password!");
},
success: function(resp) {
token=resp.token;
}
The console shows the following header for the preflight Options call:
Host: "cool API"
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:63.0) Gecko/20100101 Firefox/63.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: de-DE
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: cache-control,content-type,pragma
Origin: https://myCoolServer.azurewebsites.net
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
The preflight Options response from the server is successfull in terms of a 200 response. Yet I don't get the POST finished as the console in FF and Chrome gives me:
Origin https://myCoolServer.azurewebsites.net not found in Access-Control-Allow-Origin header.
The response header from the Server gives me:
HTTP/1.1 200 OK
Date: Mon, 19 Nov 2018 08:07:30 GMT
Server: Apache/2.4.18 (Ubuntu)
Cache-Control: no-cache, private
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: POST, PUT, GET, DELETE, OPTIONS
Access-Control-Allow-Headers: cache-control,content-type,pragma
Access-Control-Max-Age: 3600
Access-Control-Allow-Origin: null
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
As the whole idea works in Python I hope I can "mimicri" the behaviour in Javascript/Jquery as well. So I am looking for your remarks/hints.
Note: The whole thing works in JS when running on Chrome using a CORS plugin...
javascript python jquery cors
javascript python jquery cors
asked Nov 19 '18 at 8:30
RiccardoRiccardo
1066
asked Nov 19 '18 at 8:30
RiccardoRiccardo
1066
edited Nov 19 '18 at 9:15
Riccardo
asked Nov 19 '18 at 8:30
RiccardoRiccardo
1066
asked Nov 19 '18 at 8:30
RiccardoRiccardo
1066
asked Nov 19 '18 at 8:30
RiccardoRiccardo
1066
1066
1
Show your server CORS configuration - it looks like there is problem (inAccess-Control-Allow-Origin: null)
– Kamil Kiełczewski
Nov 19 '18 at 8:33
then it shouldn't work in python on my local as well, should it?
– Riccardo
Nov 19 '18 at 8:43
it depends... on what is your origin for request's from python - the difference must be there
– Kamil Kiełczewski
Nov 19 '18 at 8:45
changed post for clarity
– Riccardo
Nov 19 '18 at 8:53
you show your ajax RESPONSE headers, but show your ajax REQUEST headers (chrome> console> networks> your request)
– Kamil Kiełczewski
Nov 19 '18 at 8:55
|
show 6 more comments
1
Show your server CORS configuration - it looks like there is problem (inAccess-Control-Allow-Origin: null)
– Kamil Kiełczewski
Nov 19 '18 at 8:33
then it shouldn't work in python on my local as well, should it?
– Riccardo
Nov 19 '18 at 8:43
it depends... on what is your origin for request's from python - the difference must be there
– Kamil Kiełczewski
Nov 19 '18 at 8:45
changed post for clarity
– Riccardo
Nov 19 '18 at 8:53
you show your ajax RESPONSE headers, but show your ajax REQUEST headers (chrome> console> networks> your request)
– Kamil Kiełczewski
Nov 19 '18 at 8:55
1
1
Show your server CORS configuration - it looks like there is problem (in
Access-Control-Allow-Origin: null )– Kamil Kiełczewski
Nov 19 '18 at 8:33
Show your server CORS configuration - it looks like there is problem (in
Access-Control-Allow-Origin: null )– Kamil Kiełczewski
Nov 19 '18 at 8:33
then it shouldn't work in python on my local as well, should it?
– Riccardo
Nov 19 '18 at 8:43
then it shouldn't work in python on my local as well, should it?
– Riccardo
Nov 19 '18 at 8:43
it depends... on what is your origin for request's from python - the difference must be there
– Kamil Kiełczewski
Nov 19 '18 at 8:45
it depends... on what is your origin for request's from python - the difference must be there
– Kamil Kiełczewski
Nov 19 '18 at 8:45
changed post for clarity
– Riccardo
Nov 19 '18 at 8:53
changed post for clarity
– Riccardo
Nov 19 '18 at 8:53
you show your ajax RESPONSE headers, but show your ajax REQUEST headers (chrome> console> networks> your request)
– Kamil Kiełczewski
Nov 19 '18 at 8:55
you show your ajax RESPONSE headers, but show your ajax REQUEST headers (chrome> console> networks> your request)
– Kamil Kiełczewski
Nov 19 '18 at 8:55
|
show 6 more comments
2 Answers
2
active
oldest
votes
Python does not check CORS and the browser does to avoid security issues like XSS,
You need to make the server respond the header "Access-Control-Allow-Origin" with the domain from what the endpoint is being called ("https://myCoolServer.azurewebsites.net" ?)
If you want the server to allow being called for any domain use:
"Access-Control-Allow-Origin: *"
( currently is "Access-Control-Allow-Origin: null" )
This is needed because the browser needs to know if that server expect to be called from that domain.
answered Nov 19 '18 at 9:17
Sebastián EspinosaSebastián Espinosa
1,369816
add a comment |
CORS rules are primarily enforced by the client, not by the server. You python script does not implement these rules, hence the request succeeds, but your browser does implement them and blocks the request.
Now the server is supposed to provide information to the client about whether to allow the CORS request. The preflight request is just there to obtain this information (since your request is not a "simple request", cf this doc). In your case, clearly the server is not well configured:
Access-Control-Allow-Origin: null
You should have "*" instead of null, or at least "https://myCoolServer.azurewebsites.net".
answered Nov 19 '18 at 9:19
RolvernewRolvernew
1817
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53370860%2fjquery-preflight-request-cors%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
Python does not check CORS and the browser does to avoid security issues like XSS,
You need to make the server respond the header "Access-Control-Allow-Origin" with the domain from what the endpoint is being called ("https://myCoolServer.azurewebsites.net" ?)
If you want the server to allow being called for any domain use:
"Access-Control-Allow-Origin: *"
( currently is "Access-Control-Allow-Origin: null" )
This is needed because the browser needs to know if that server expect to be called from that domain.
answered Nov 19 '18 at 9:17
Sebastián EspinosaSebastián Espinosa
1,369816
add a comment |
Python does not check CORS and the browser does to avoid security issues like XSS,
You need to make the server respond the header "Access-Control-Allow-Origin" with the domain from what the endpoint is being called ("https://myCoolServer.azurewebsites.net" ?)
If you want the server to allow being called for any domain use:
"Access-Control-Allow-Origin: *"
( currently is "Access-Control-Allow-Origin: null" )
This is needed because the browser needs to know if that server expect to be called from that domain.
answered Nov 19 '18 at 9:17
Sebastián EspinosaSebastián Espinosa
1,369816
add a comment |
Python does not check CORS and the browser does to avoid security issues like XSS,
You need to make the server respond the header "Access-Control-Allow-Origin" with the domain from what the endpoint is being called ("https://myCoolServer.azurewebsites.net" ?)
If you want the server to allow being called for any domain use:
"Access-Control-Allow-Origin: *"
( currently is "Access-Control-Allow-Origin: null" )
This is needed because the browser needs to know if that server expect to be called from that domain.
answered Nov 19 '18 at 9:17
Sebastián EspinosaSebastián Espinosa
1,369816
Python does not check CORS and the browser does to avoid security issues like XSS,
You need to make the server respond the header "Access-Control-Allow-Origin" with the domain from what the endpoint is being called ("https://myCoolServer.azurewebsites.net" ?)
If you want the server to allow being called for any domain use:
"Access-Control-Allow-Origin: *"
( currently is "Access-Control-Allow-Origin: null" )
This is needed because the browser needs to know if that server expect to be called from that domain.
answered Nov 19 '18 at 9:17
Sebastián EspinosaSebastián Espinosa
1,369816
answered Nov 19 '18 at 9:17
Sebastián EspinosaSebastián Espinosa
1,369816
answered Nov 19 '18 at 9:17
Sebastián EspinosaSebastián Espinosa
1,369816
answered Nov 19 '18 at 9:17
Sebastián EspinosaSebastián Espinosa
1,369816
1,369816
add a comment |
add a comment |
CORS rules are primarily enforced by the client, not by the server. You python script does not implement these rules, hence the request succeeds, but your browser does implement them and blocks the request.
Now the server is supposed to provide information to the client about whether to allow the CORS request. The preflight request is just there to obtain this information (since your request is not a "simple request", cf this doc). In your case, clearly the server is not well configured:
Access-Control-Allow-Origin: null
You should have "*" instead of null, or at least "https://myCoolServer.azurewebsites.net".
answered Nov 19 '18 at 9:19
RolvernewRolvernew
1817
add a comment |
CORS rules are primarily enforced by the client, not by the server. You python script does not implement these rules, hence the request succeeds, but your browser does implement them and blocks the request.
Now the server is supposed to provide information to the client about whether to allow the CORS request. The preflight request is just there to obtain this information (since your request is not a "simple request", cf this doc). In your case, clearly the server is not well configured:
Access-Control-Allow-Origin: null
You should have "*" instead of null, or at least "https://myCoolServer.azurewebsites.net".
answered Nov 19 '18 at 9:19
RolvernewRolvernew
1817
add a comment |
CORS rules are primarily enforced by the client, not by the server. You python script does not implement these rules, hence the request succeeds, but your browser does implement them and blocks the request.
Now the server is supposed to provide information to the client about whether to allow the CORS request. The preflight request is just there to obtain this information (since your request is not a "simple request", cf this doc). In your case, clearly the server is not well configured:
Access-Control-Allow-Origin: null
You should have "*" instead of null, or at least "https://myCoolServer.azurewebsites.net".
answered Nov 19 '18 at 9:19
RolvernewRolvernew
1817
CORS rules are primarily enforced by the client, not by the server. You python script does not implement these rules, hence the request succeeds, but your browser does implement them and blocks the request.
Now the server is supposed to provide information to the client about whether to allow the CORS request. The preflight request is just there to obtain this information (since your request is not a "simple request", cf this doc). In your case, clearly the server is not well configured:
Access-Control-Allow-Origin: null
You should have "*" instead of null, or at least "https://myCoolServer.azurewebsites.net".
answered Nov 19 '18 at 9:19
RolvernewRolvernew
1817
answered Nov 19 '18 at 9:19
RolvernewRolvernew
1817
answered Nov 19 '18 at 9:19
RolvernewRolvernew
1817
answered Nov 19 '18 at 9:19
RolvernewRolvernew
1817
1817
add a comment |
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53370860%2fjquery-preflight-request-cors%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
1
Show your server CORS configuration - it looks like there is problem (in
Access-Control-Allow-Origin: null)– Kamil Kiełczewski
Nov 19 '18 at 8:33
then it shouldn't work in python on my local as well, should it?
– Riccardo
Nov 19 '18 at 8:43
it depends... on what is your origin for request's from python - the difference must be there
– Kamil Kiełczewski
Nov 19 '18 at 8:45
changed post for clarity
– Riccardo
Nov 19 '18 at 8:53
you show your ajax RESPONSE headers, but show your ajax REQUEST headers (chrome> console> networks> your request)
– Kamil Kiełczewski
Nov 19 '18 at 8:55