var myAjax = new Ajax.Request(
requestHeaders :["Access-Control-Allow-Origin","*","Access-Control-Allow-Methods","POST, GET, OPTIONS","Access-Control-Allow-Headers", "X-PINGOTHER","Access-Control-Max-Age","1728000"],
I am calling this on load and I see an error that says HTTP/1.1 401 Unauthorized in the Firefox web console. The same thing works fine in IE. I am using IE 8.0 and Firefox 8 for this.
Apart from the requestHeaders, is there something else I have to add?
The HTTP headers captured are as follows; even then, the Ajax request does not seem to be working:
OPTIONS http://www.google.com/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0
Accept-Encoding: gzip, deflate
HTTP/1.1 405 Method Not Allowed
Content-Type: text/html; charset=UTF-8
Date: Fri, 25 Nov 2011 05:53:54 GMT
I am facing the same issue.
This is what I found out about it so far:
(Versions of Firefox prior to Firefox 3 allowed you to set the preference capability.policy..XMLHttpRequest.open to allAccess to give specific sites cross-site access. This is no longer supported.)
Hope this will help...
You are trying to send 'Access-Control-Allow-*' headers with the request.
Instead, your server should reply with these headers.
CORS (preflight) works this way:
The browser asks the server for permission to send the request: Access-Control-Request-* headers (the browser adds them automatically when you try to make a cross-domain request)
The server responds with Access-Control-Allow-* headers, letting the browser know whether it is allowed to send the real request
A curl command should show you something like this:
curl -v -H 'Origin: http://myserver' -X OPTIONS -H 'Access-Control-Request-Methods: GET' -H 'Access-Control-Request-Headers: X-Requested-With' http://someotherdomain:8080/imghtml?img=100
* Connected to someotherdomain port 8080 (#0)
> OPTIONS /imghtml?img=100 HTTP/1.1
> User-Agent: curl/7.30.0
> Host: someotherdomain:8080
> Accept: */*
> Origin: http://myserver
> Access-Control-Request-Methods: GET
> Access-Control-Request-Headers: X-Requested-With
>
< HTTP/1.1 200 OK
< Date: Wed, 08 May 2013 14:34:45 GMT
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Headers: X-Requested-With
< Access-Control-Allow-Methods: GET
< Access-Control-Max-Age: 86400
< Content-Length: 0
< Content-Type: text/plain
<
* Connection #0 to host someotherdomain left intact
If you are not interested in sending any custom headers to the server, then just drop the Access-Control-Allow-Headers: line.
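The server side of the preflight exchange described in the answer above, as an added example that is not code from the thread: a Node.js request listener that reads the standard Access-Control-Request-Method and Access-Control-Request-Headers request headers and replies with Access-Control-Allow-* response headers. It goes one step beyond the `*` shown in the curl output by echoing only allowlisted origins; the names `corsDecision` and `handle` and the policy values are assumptions.

```javascript
// Added example: server-side CORS decision logic. The policy values below
// (origin, methods, headers, max-age) are assumptions for illustration.
const ALLOWED_ORIGINS = new Set(['http://myserver']);
const ALLOWED_METHODS = ['GET', 'POST'];
const ALLOWED_HEADERS = ['x-requested-with'];

// method: request method; h: request headers with lower-cased names (the form
// Node's http module uses). Returns { status, headers }; status null means
// "not a preflight, continue to the normal handler with these headers added".
function corsDecision(method, h) {
  const origin = h['origin'];
  const wanted = h['access-control-request-method'];
  const preflight = method === 'OPTIONS' && origin !== undefined && wanted !== undefined;
  // Unknown or absent origin: send no Allow-* headers, so the browser refuses.
  if (!origin || !ALLOWED_ORIGINS.has(origin)) {
    return { status: preflight ? 403 : null, headers: {} };
  }
  // Echo the single allowlisted origin; Vary keeps caches from mixing origins.
  const headers = { 'Access-Control-Allow-Origin': origin, 'Vary': 'Origin' };
  if (!preflight) return { status: null, headers };
  const askedHeaders = (h['access-control-request-headers'] || '')
    .split(',').map(s => s.trim().toLowerCase()).filter(Boolean);
  if (!ALLOWED_METHODS.includes(wanted) ||
      !askedHeaders.every(name => ALLOWED_HEADERS.includes(name))) {
    return { status: 403, headers: {} };
  }
  headers['Access-Control-Allow-Methods'] = ALLOWED_METHODS.join(', ');
  if (askedHeaders.length) headers['Access-Control-Allow-Headers'] = askedHeaders.join(', ');
  headers['Access-Control-Max-Age'] = '86400';
  return { status: 204, headers };
}

// Request listener for http.createServer(); req/res are Node's usual objects.
function handle(req, res) {
  const cors = corsDecision(req.method, req.headers);
  for (const [name, value] of Object.entries(cors.headers)) res.setHeader(name, value);
  if (cors.status !== null) { res.statusCode = cors.status; return res.end(); }
  res.statusCode = 200;
  res.end('ok');
}

// Constructed preflight, matching the curl request shape in the answer above.
const sample = corsDecision('OPTIONS', {
  'origin': 'http://myserver',
  'access-control-request-method': 'GET',
  'access-control-request-headers': 'X-Requested-With',
});
console.log(sample.status, sample.headers);
```

Pass `handle` to `http.createServer()` to serve it; the client-side Ajax call then needs no Access-Control-* entries in its own request headers.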