Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: Ajax request returns OPTIONS message 403 Forbidden

  1. #1
    Sencha User
    Join Date
    Apr 2012
    Posts
    103
    Answers
    5

    Default Answered: Ajax request returns OPTIONS message 403 Forbidden

    Hi there,

    I'm sending an Ajax Request to a webservice located on another domain (running on IIS7) with POST method :
    • I get the response I'm expecting :-)
    • Unfortunately, I also get an error message in my Google Chrome console, :-(
    OPTIONS http://mydomain/webservice.svc/mobile/StartSession_Mobile 403 (Forbidden)
    Moreover, on the server side, I allowed some headers :
    Code:
    • Access-Control-Allow-Headers: origin, x-requested-with, content-type
    • Access-Control-Allow-Methods: POST, GET, OPTIONS
    • Access-Control-Allow-Origin: *
    Here is the bit of code:
    Code:
    Ext.Ajax.setUseDefaultXhrHeader(false);        
    Ext.Ajax.setDefaultPostHeader('application/json');
    Ext.Ajax.request({
                url: 'http://mydomain/webservice.svc/mobile/StartSession_Mobile',
                method: 'POST',
                params: '{"company":"mycompany"}'
     });
    Any help or advices would be greatly appreciated.

    Regards,
    Pepperseb

  2. I've figured it out.

    Actually, I was running my app on localhost so I decided to build my app (sencha app build production command) and then to upload the directory to my FTP.

    Et voila! I've got rid of this thanks to this simple trick

    Thanks again, great framework, smooth render.

  3. #2
    Sencha Premium User mitchellsimoens's Avatar
    Join Date
    Mar 2007
    Location
    Gainesville, FL
    Posts
    40,379
    Answers
    3997

    Default

    Look at the Network tab, are you getting the headers in the OPTIONS request?
    Mitchell Simoens @LikelyMitch

    Check out my GitHub:
    https://github.com/mitchellsimoens

    Posts are my own, not any current, past or future employer's.

  4. #3
    Sencha User
    Join Date
    Apr 2012
    Posts
    103
    Answers
    5

    Default

    Yes :

    Request Headers :

    • Access-Control-Allow-Headers:
      origin, x-requested-with, content-type
    • Access-Control-Allow-Methods:
      POST, GET, OPTIONS
    • Access-Control-Allow-Origin:
      *
    • Content-Length:
      1964
    • Content-Type:
      text/html
    • Date:
      Thu, 26 Apr 2012 07:03:37 GMT
    • Server:
      Microsoft-IIS/6.0
    • X-Powered-By:
      ASP.NET

  5. #4
    Sencha Premium User
    Join Date
    Mar 2010
    Location
    Romania
    Posts
    628
    Answers
    67

    Default

    Code:
    options = {
                    url: details.get('url'),
                    jsonData:ps,
                    method: details.get('httpMethod') || "GET",
                    withCredentials:true,
                    callback:callback,
                    scope:scope,
                    disableCaching:true
    
    
                };
                Ext.Ajax.request(options);

  6. #5
    Sencha User
    Join Date
    Apr 2012
    Posts
    103
    Answers
    5

    Default

    I've figured it out.

    Actually, I was running my app on localhost so I decided to build my app (sencha app build production command) and then to upload the directory to my FTP.

    Et voila! I've got rid of this thanks to this simple trick

    Thanks again, great framework, smooth render.

  7. #6
    Sencha Premium User
    Join Date
    Mar 2010
    Location
    Romania
    Posts
    628
    Answers
    67

    Default

    What was the trick again?

  8. #7
    Sencha Premium User
    Join Date
    Mar 2010
    Location
    Romania
    Posts
    628
    Answers
    67

    Default

    You didn't solved the issue, you just changed the environment parameters. If you ever use the application with the web services on a different domain, you will get into the same trouble, no matter you use the production build and you upload on your server

    You need to specify the right headers (allow-methods:options,get,put,etc,allow-origin) on the server side and add withCredentials:true on the client side, this way you will be able to test on the localhost as well as on virtual devices. That's the `trick`

  9. #8
    Sencha User
    Join Date
    Apr 2012
    Posts
    103
    Answers
    5

    Default

    Moving my app from localhost to my FTP. And I haven't had to try the solution you provided, but i'm sure it will help some people. Thank you.

  10. #9
    Sencha User
    Join Date
    Apr 2012
    Posts
    103
    Answers
    5

    Default

    Quote Originally Posted by bluehipy View Post
    You didn't solved the issue, you just changed the environment parameters. If you ever use the application with the web services on a different domain
    The main problem with "withCredentials:true" is that, I think, I will need to specify on the server side each URL that will try to reach the webservice.

    Indeed, you're right, I'll need to use cross domain in the future and I'll still have the issue so I will seriously have a look at your solution
    Last edited by pepperseb; 26 Apr 2012 at 6:45 AM. Reason: bluehipy is right

  11. #10
    Sencha User
    Join Date
    Apr 2012
    Posts
    103
    Answers
    5

    Default

    Ok, I've add withCredential:true and I got the following error:

    XMLHttpRequest cannot load http://mydomain/webservice.svc/mobile/StartSession_Mobile. Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
    I was expecting this error, so I'm up to remove the wildcard and put the domain where my app is located but in this case of localhost developping/testing, what should I put? It's non-sense to put localhost as an access-control-allow-origin domain.

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •