h2020-westlife-eu / virtualfolder

Virtual Folder
http://internal-wiki.west-life.eu/w/index.php?title=D6.1
MIT License

HTTP OPTIONS not allowed by PDB web, calling PDB API from outside returns HTTP 405 #31

Closed TomasKulhanek closed 7 years ago

TomasKulhanek commented 7 years ago

1) our component is hosted at portal.west-life.eu (or localhost)
2) our component sets the Content-type to application/json
3) our component tries to get data from the host http://www.ebi.ac.uk/pdbe/api/pdb/entry/molecules/2hhd

This is commonly recognized as a cross-origin HTTP request. How to handle this is described in the cross-origin resource sharing mechanism, part of a W3C recommendation since 2014: https://www.w3.org/TR/cors/. Because of point 2) the browser triggers a pre-flight request, HTTP OPTIONS, to determine whether the cross-origin GET request with this content type is allowed.

As the www.ebi.ac.uk response is HTTP 405, the browser correctly does not continue and does not trigger the GET request, thus point 3) fails, even though the GET method with this content type is allowed. Note that no CORS mechanism is triggered for the PDB component library, as this library originates at the ebi.ac.uk site, thus any requests to this site are not cross-origin.

The solution:

A) The Apache web server can have a module where allowed methods can be configured in one line for a specific location, https://httpd.apache.org/docs/trunk/mod/mod_allowmethods.html, without touching the code of the subsequent framework.

B) Or, I suspect that your framework is Django; I've seen that the HTTP OPTIONS feature is also somehow supported, but not enabled/implemented by default.

C) Or, as a workaround, I removed point 2) in our component and pray for getting a JSON response. In this case the CORS pre-flight mechanism is not triggered and the GET request is fired directly by the browser to http://www.ebi.ac.uk ... I've checked and this works.

However, I do not consider C a proper solution. A or B should be implemented on your web server site to follow the standards; lack of support in some subsequent framework should not be an excuse.

TomasKulhanek commented 7 years ago

Workaround: use aurelia-fetch-client without setting any content-type. aurelia-http-client seems to set some HTTP header which triggers the HTTP OPTIONS.

TomasKulhanek commented 7 years ago

It is an issue of the PDB REST API, not a VF issue, thus closing as a workaround exists.