search

doedje / jquery.soap

This script uses $.ajax to send a SOAP:Envelope. It can take XML DOM, XML string or JSON as input and the response can be returned as either XML DOM, XML string or JSON too.
352 stars 147 forks source link

Each soap call is divided into two requests (OPTIONS and POST) #97

Closed amarbader closed 8 years ago

amarbader commented 8 years ago

Details: jquery-2.2.3

jquery.soap-1.6.7

The code call: $.soap({ url: 'the url', method: 'getLayer',

    data: {
        depth: depth
    },
    SOAPAction: 'action',
    namespaceURL: 'the namespace',

    beforeSend: function (SOAPEnvelope) {
        // show loading image
    },
    success: function (SOAPResponse) {
        var json = ParseSoapResponseToJSON(SOAPResponse, 'getLayer');

        if (json != undefined) {
            // do something with the results.
        }
    },
    error: function (SOAPResponse) {
        // issue an error.
    },
    // WS-Security
    wss: {
        username: 'xx',
        password: 'xxxx'
    },
});

The issue: I see that it always sends two requests one after the other, the first one is with no input or header information (OPTIONS), and the second one with the right parameters (POST)

I verified calling the service once, in the "chrome" network viewer (XHR), it is called twice.

First request: Request URL:"the right url" Request Method:OPTIONS Status Code:200 OK Response Headers view source Access-Control-Allow-Credentials:true Access-Control-Allow-Headers:soapaction,origin,x-requested-with,access-control-request-headers,content-type,access-control-request-method,accept Access-Control-Allow-Methods:POST Access-Control-Allow-Origin:null Access-Control-Max-Age:10 Content-Length:0 Date:Sat, 02 Jul 2016 14:38:40 GMT Server:Apache-Coyote/1.1 Request Headers view source Accept:/ Accept-Encoding:gzip, deflate, sdch Accept-Language:en-US,en;q=0.8 Access-Control-Request-Headers:accept, content-type, soapaction Access-Control-Request-Method:POST Connection:keep-alive Host:127.0.0.1:8080 Origin:null

User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36

Second request: Request URL:"The right url" Request Method:POST Status Code:200 OK Response Headers view source Access-Control-Allow-Credentials:true Access-Control-Allow-Origin:null Access-Control-Expose-Headers:Access-Control-Allow-Origin,Access-Control-Allow-Credentials,SoapAction Content-Type:text/xml;charset=UTF-8 Date:Sat, 02 Jul 2016 14:38:40 GMT Server:Apache-Coyote/1.1 Transfer-Encoding:chunked Request Headers view source Accept:application/xml, text/xml, /; q=0.01 Accept-Encoding:gzip, deflate Accept-Language:en-US,en;q=0.8 Connection:keep-alive Content-Length:879 Content-Type:text/xml; charset=UTF-8 Host:127.0.0.1:8080 Origin:null SOAPAction:action User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36 Request Payload

Why it is divided into two requests, OPTIONS and POST? is this right, maybe I am missing some knowledge in this area, please advice.

Thanks and best regards

doedje commented 8 years ago

Dear amarbader,

This is indeed perfectly normal browser behavior. Part of the CORS protocol: https://en.wikipedia.org/wiki/Cross-origin_resource_sharing https://en.wikipedia.org/wiki/Cross-origin_resource_sharing

It is triggered in your case because you make a cross-origin call to your soap server. Going from localhost:80 to localhost:8080 is already cross-origin because of the other portnumber. The OPTIONS call is done to see wheither you are allowed to access the service on 8080 from another origin, the browser checks the Access-Control-* headers to see if it is okay to do the real call, the POST call...

Hope this helps you understand what is going on.

good luck!

Best regards

Remy Blom

On 02 Jul 2016, at 16:58, amarbader notifications@github.com wrote:

Details: jquery-2.2.3

jquery.soap-1.6.7

The code call: $.soap({ url: 'the url', method: 'getLayer',

data: {
    depth: depth
},
SOAPAction: 'action',
namespaceURL: 'the namespace',

beforeSend: function (SOAPEnvelope) {
    // show loading image
},
success: function (SOAPResponse) {
    var json = ParseSoapResponseToJSON(SOAPResponse, 'getLayer');

    if (json != undefined) {
        // do something with the results.
    }
},
error: function (SOAPResponse) {
    // issue an error.
},
// WS-Security
wss: {
    username: 'xx',
    password: 'xxxx'
},

}); The issue: I see that it always sends two requests one after the other, the first one is with no input or header information (OPTIONS), and the second one with the right parameters (POST)

I verified calling the service once, in the "chrome" network viewer (XHR), it is called twice.

First request: Request URL:"the right url" Request Method:OPTIONS Status Code:200 OK Response Headers view source Access-Control-Allow-Credentials:true Access-Control-Allow-Headers:soapaction,origin,x-requested-with,access-control-request-headers,content-type,access-control-request-method,accept Access-Control-Allow-Methods:POST Access-Control-Allow-Origin:null Access-Control-Max-Age:10 Content-Length:0 Date:Sat, 02 Jul 2016 14:38:40 GMT Server:Apache-Coyote/1.1 Request Headers view source Accept:/ Accept-Encoding:gzip, deflate, sdch Accept-Language:en-US,en;q=0.8 Access-Control-Request-Headers:accept, content-type, soapaction Access-Control-Request-Method:POST Connection:keep-alive Host:127.0.0.1:8080 Origin:null

User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36

Second request: Request URL:"The right url" Request Method:POST Status Code:200 OK Response Headers view source Access-Control-Allow-Credentials:true Access-Control-Allow-Origin:null Access-Control-Expose-Headers:Access-Control-Allow-Origin,Access-Control-Allow-Credentials,SoapAction Content-Type:text/xml;charset=UTF-8 Date:Sat, 02 Jul 2016 14:38:40 GMT Server:Apache-Coyote/1.1 Transfer-Encoding:chunked Request Headers view source Accept:application/xml, text/xml, /; q=0.01 Accept-Encoding:gzip, deflate Accept-Language:en-US,en;q=0.8 Connection:keep-alive Content-Length:879 Content-Type:text/xml; charset=UTF-8 Host:127.0.0.1:8080 Origin:null SOAPAction:action User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36 Request Payload

Why it is divided into two requests, OPTIONS and POST? is this right, maybe I am missing some knowledge in this area, please advice.

Thanks and best regards

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/doedje/jquery.soap/issues/97, or mute the thread https://github.com/notifications/unsubscribe/ADd9g02Ue-lE0C5FN4KiLkE9ZoIbg3jyks5qRnyHgaJpZM4JDsJq.

amarbader commented 8 years ago

Thanks a lot Remy for the outstanding clarification.

Haibarbe-Kreativ commented 8 years ago

On your webserver you can just test for the type of request if it is an OPTIONS call just return the neccessary headers for CORS-Requests:

  1. Access-Control-Allow-Origin: *
  2. Access-Control-Allow-Headers: X-Requested-With

Whats your webserver programming language? if it is PHP then I got a small example for you but of course it is possible with all other server side languages too. Just take a look into the documentation:

if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') { // return only the headers and not the content // only allow CORS if we're doing a GET - i.e. no saving for now. //if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']) &&
//$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD'] == 'GET') { header('Access-Control-Allow-Origin: *'); header('Access-Control-Allow-Headers: X-Requested-With'); //} exit; }

amarbader commented 8 years ago

Thanks Haibarbe, I will check according your suggestion.

andreszs commented 7 years ago

Sorry to sound impolite, but this is a very stupid feature that should come disabled by default. You are seriously making a secondary and totally useless request "just to see" if the server is configured properly? Exactly why?

Let's assume the server blocks the POST cross-domain requests, OK. Any developer with 2 hours of experience will find out that the request is blocked due to cross domain and fix it accordingly on the server. So, why persist in making useless requests that slow down our apps and consume innecessary bandwidth, over and over again??

Please allow an easy way to disable this, you are forcing all users to to waste bandwidth, time and resources absolutely for no reason at all.

doedje commented 7 years ago

@andreszs: it's the browser doing this. Educate yourself. Be any developer with more than 2 hours experience...... Read, google, learn. Stop waisting my time...

doedje commented 7 years ago

@andreszs : If you want to react to this, feel free to do so in #115 but as far as I am concerned you are just another troll with a big mouth and absolutely NO KNOWLEDGE of what the F*K is going on.... Don't waist my time with being so stupid... Google and learn.... You seem to think you are quite an experienced programmer, but your posts prove that is not the case.... really, google and learn...