Closed alexmsenger closed 5 years ago
mheumann
commented
6 years ago After all my analysis I don't see the error in the frontend. Since we have to deal with CORS there is first an Options-Requests sent which asks if the headers content-type and x-user-id is allowed. But my request gives a 403 (Forbidden) answer and not 400 (Bad Request). That means that my request is ok, but the server is missing something from me or expects something from my OPTION-Request that I can't deliver.
alexmsenger
commented
6 years ago I missed the Accept header field in the CORS config, but it's there now.
The server is (in theory) able to (de)serialize the data in more than one format (XML, JSON, ...). That why it requires a specification what type of content to expect in a POST or PUT Request (Content-Type) or what kind of format the frontend wants the content to be in after a GET request. (Accept). Without any of the fields the backend will not be able to handle the request as it cannot infer.
When I use the frontend with the currently deployed staging and I click on "Methode erstellen" I can see two GET Requests for types, one of them with 200 and one with 415 ("Unsupported Media Type"). Nevertheless the correct data is there! => Accept and Content-Type headers.
alexmsenger
commented
5 years ago Still needed?
alexmsenger
commented
5 years ago Closes with #6
Requests will fail without the appropriate content specified.