Are HTTP OPTIONS requests appropriate to determine a user's authorization? I have seen HTTP OPTIONS requests used for preflight to check if a request is valid, but is it okay to use it to determi...

According to https://www.rfc-editor.org/rfc/rfc9110.html#name-options the only response ever mentioned regarding an HTTP OPTIONS request is a 200. However, there seem to be cases such as when the c...

I am making CORS calls. Now, every api call has a OPTIONS preflight call. Is it possible to cache the OPTIONS preflight call? I see that Cache-Control header can be used to cache actual GET respon...

Introduction I've read the following: Hypertext Transfer Protocol (HTTP) is the life of the web. It's used every time you transfer a document, or make an AJAX request. But HTTP is surprisingly a r...

My backbone.js application throwing an HTTP OPTIONS not found error when I try to save a model to my restful web service that's located on another host/URL. Based on my research, I gathered from th...

I'm new to NestJS and on every route my web app is trying to query, it fails on the OPTIONS request, getting: {"statusCode":404,"error":"Not Found","message":"Cannot OPTIONS /authenticate"} h...

My front-end code: <form action="" onSubmit={this.search}> <input type="search" ref={(input) => { this.searchInput = input; }}/> <button type="submit">搜索</button> <...

First off, I've read "How to handle HTTP OPTIONS with Spring MVC?" but the answers do not seem directly applicable to Spring Boot. It looks like I should do this: configure the dispatcherServle...

I'm using Spring Boot to make a simple rest service. To consume it in Angular 2, I've got CORS problem when retrieving token on OAuth /token endpoint. The error message in Chrome is below. error me...

When I configure my RequestMappings in Spring MVC, I'd like to automatically generate the proper Allow header when the OPTIONS method is used. For example, with this controller: @Controller @Requ...

For reasons I don't understand, Safari fails (intermittently but consistently) to connect to our rails app (static front end and api back end) on our QA infrastructure. (I'm going to write another ...

<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.js" type="text/javascript"></script> <script> $.get("http://example.com/", function(data) { alert(data); });...

Although the OPTIONS returns * for Allow-Headers I'm getting the following CORS response. Access to XMLHttpRequest at 'https://example1.com' from origin 'https://example2.net' has been blo...

My Sencha Touch app is posting a form to my asp.net-mvc-3 WebService, but instead of sending POST it's sending OPTIONS. I'm reading a similar thread here, but I just don't know how to handle the O...

In my environment, I use perlbal to redirect request to nginx. If verify_backend is on. perbal will send a "OPTIONS *" request to nginx, but the nginx response it as a bad request. According to R...

The Authorization Header is not sent with an HTTP OPTIONS Request. I would like disable this authentication only when the request is OPTIONS and leave it on for other requests. Here is the relevant...

I am working on a project which is using embedded Jetty (unfortunately I just "inherited" the server side of the project and am not very familiar with the use of Jetty and its configuration). An o...

I was attempting to implement CORS support on a Spray server (version 1.1-20131011 where cors headers are already supported). Currently, the server code looks like this: trait DefaultCORSDirectiv...

I'm loading my script on a domain and sending some data with POST and the use of Ext.Ajax.request() to that same domain. Somehow the dev-tools show me, that there is a failed OPTIONS request. Req...

I have an ASP.NET web API that is being called by three different SPA. I am using windows authentication for the web API. I initially tried to configure CORS in the Web.config like this: <httpP...

I'm having some trouble getting jquery to post some json data to a rest method I have on my WCF service. On the WCF side, here's the operation contract: [OperationContract] [WebInvoke(Method = "P...

I'm trying to understand how this system is working under the hood. The system is REST based which is pretty standard, what I don't get the client makes a OPTIONS call before each API call and XML ...

I noticed that the Mozilla HTTP response codes documentation states that The methods PUT, DELETE, and OPTIONS can never result in a 200 OK response. However it doesn't make clear what respons...

I noticed that my Angular is creating OPTIONS request also before each POST request. I'm using custom API Service for HTTP request handling. app.service('ApiService', function ($http) { /** * P...

I have started designing an API and have decided to have a go at making it conform to REST/HATEOAS. What should the entry point for the API be? It seems like a common one is GET / but from what I'...