HTTP OPTIONS error in Phil Sturgeon's Codeigniter Restserver and Backbone.js

3

19

My backbone.js application is throwing an HTTP OPTIONS not found error when I try to save a model to my RESTful web service that's located on another host/URL.

Based on my research, I gathered from this post that:

a request would constantly send an OPTIONS http request header, and not trigger the POST request at all.

Apparently CORS with requests that will "cause side-effects on user data" will make your browser "preflight" the request with the OPTIONS request header to check for approval, before actually sending your intended HTTP request method.

I tried to get around this by:

  • Setting emulateHTTP in Backbone to true.

Backbone.emulateHTTP = true;

  • I also allowed all CORS and CSRF options in the header.

    header('Access-Control-Allow-Origin: *');
    header("Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept");
    header("Access-Control-Allow-Methods: GET, POST, OPTIONS");

The application crashed when the Backbone.emulateHTTP line of code was introduced.

Is there a way to respond to an OPTIONS request in CodeIgniter RESTServer, and are there any other alternatives to either allow or disable this request from taking place?


I found this on Github as one solution. I am not sure if I should use it as it seems a bit outdated.

Stiletto answered 24/3, 2013 at 18:7 Comment(0)
C
51

I encountered exactly the same problem. To solve it I have a MY_REST_Controller.php in core and all my REST API controllers use it as a base class. I simply added a constructor like this to handle OPTIONS requests.

function __construct() {
    // Send the CORS headers on every request, before the parent constructor runs.
    header('Access-Control-Allow-Origin: *');
    header("Access-Control-Allow-Headers: X-API-KEY, Origin, X-Requested-With, Content-Type, Accept, Access-Control-Request-Method");
    header("Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE");
    $method = $_SERVER['REQUEST_METHOD'];
    // Preflight: stop here so the headers above go out with an empty 200 response.
    if($method == "OPTIONS") {
        die();
    }
    parent::__construct();
}

This just checks if the request type is OPTIONS and, if so, just dies out, which returns a code 200 for the request.

Carolinecarolingian answered 11/10, 2013 at 4:28 Comment(5)
After searching for hours; this was the solution. Thanks :) - Gluey
On top of it we can add "Access-Control-Allow-Origin" like this: header('Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN']); so that here you can check which domain is allowed access to your APIs. - Keratinize
Probably better to send a 204 response, so the code would be: parent::__construct(); if($_SERVER['REQUEST_METHOD'] === "OPTIONS") { $this->response(NULL,HTTP_NO_CONTENT); return; } - Necrosis
May I know why you need to deny all 'OPTIONS' request methods? - Overprint
It works locally, but we need to go live and upload to the server. I am using CodeIgniter and React JS on the front end. Where do we have to put this? - Dele
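
An origin allowlist combined with preflight handling, as an added example that is not part of the answer or its comments. The function name `cors_decide`, the allowlist entry and the sample requests are hypothetical; the function works on a `$_SERVER`-style array so it runs offline.

```php
<?php
// Added example (not from the original answers). The function name, the
// allowlist and the sample requests are assumptions for illustration.
const ALLOWED_ORIGINS = ['https://app.example.com'];   // constructed value
const ALLOWED_METHODS = ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'];
const ALLOWED_HEADERS = ['x-api-key', 'origin', 'x-requested-with', 'content-type', 'accept'];

// Returns [status, headers]. A null status means "not a preflight: send the
// headers and let the controller handle the request as usual".
function cors_decide(array $server): array
{
    $method  = $server['REQUEST_METHOD'] ?? '';
    $origin  = $server['HTTP_ORIGIN'] ?? '';
    $headers = ['Vary' => 'Origin'];   // caches must not mix per-origin answers
    // Exact allowlist match. Without Access-Control-Allow-Origin the browser
    // refuses the response, so an unchecked Origin is never echoed back.
    if (!in_array($origin, ALLOWED_ORIGINS, true)) {
        return [$method === 'OPTIONS' ? 403 : null, $headers];
    }
    $headers['Access-Control-Allow-Origin'] = $origin;
    // A preflight is an OPTIONS request carrying Access-Control-Request-Method.
    if ($method !== 'OPTIONS' || !isset($server['HTTP_ACCESS_CONTROL_REQUEST_METHOD'])) {
        return [null, $headers];
    }
    // Validate what the browser announces it is about to send.
    $wantMethod  = strtoupper($server['HTTP_ACCESS_CONTROL_REQUEST_METHOD']);
    $wantHeaders = array_filter(array_map('trim', explode(',',
        strtolower($server['HTTP_ACCESS_CONTROL_REQUEST_HEADERS'] ?? ''))));
    if (!in_array($wantMethod, ALLOWED_METHODS, true)
        || array_diff($wantHeaders, ALLOWED_HEADERS)) {
        return [403, $headers];
    }
    $headers['Access-Control-Allow-Methods'] = implode(', ', ALLOWED_METHODS);
    $headers['Access-Control-Allow-Headers'] = implode(', ', ALLOWED_HEADERS);
    return [204, $headers];            // empty body; the real request follows
}

// Constructed requests: allowed preflight, unknown origin, plain POST.
$samples = [
    ['REQUEST_METHOD' => 'OPTIONS', 'HTTP_ORIGIN' => 'https://app.example.com',
     'HTTP_ACCESS_CONTROL_REQUEST_METHOD' => 'PUT',
     'HTTP_ACCESS_CONTROL_REQUEST_HEADERS' => 'Content-Type, X-API-KEY'],
    ['REQUEST_METHOD' => 'OPTIONS', 'HTTP_ORIGIN' => 'https://other.example',
     'HTTP_ACCESS_CONTROL_REQUEST_METHOD' => 'PUT'],
    ['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => 'https://app.example.com'],
];
foreach ($samples as $s) {
    [$status, $h] = cors_decide($s);
    echo var_export($status, true), ' ', json_encode($h, JSON_UNESCAPED_SLASHES), "\n";
}
```

In a controller constructor, send each returned header with `header()` and, when the status is not null, set it with `http_response_code()` and exit before `parent::__construct()`.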
E
7

You can also modify the $allowed_http_methods property in your subclass to exclude the options method. Previous versions of REST_controller did nothing with OPTIONS and adding this line seems to mimic that behavior:

protected $allowed_http_methods = array('get', 'delete', 'post', 'put');
Ehlke answered 11/12, 2013 at 5:25 Comment(2)
solves POST request with AngularJS fails with preflight OPTION status code = 404 with CodeIgniter ResetServer - Lepley
This is much cleaner than the higher ranking answer. +1 - Anikaanil
B
0

I solved it this way:

header('Access-Control-Allow-Origin: *');
header("Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE");
header("Access-Control-Allow-Headers: X-API-KEY, Origin, X-Requested-With, Content-Type, Accept, Access-Control-Request-Method, x_requested_with");

if ( "OPTIONS" === $_SERVER['REQUEST_METHOD'] ) {
    die();
}

Pay attention to adding x_requested_with in Access-Control-Allow-Headers.

Budworth answered 8/4, 2022 at 11:31 Comment(0)
