I've just noticed that the JavaScript library (the one that HighWire's been working on) has started throwing errors recently. The browser throws an error:

Request header field X-Requested-With is not allowed by Access-Control-Allow-Headers.

I've done some research and it looks like jQuery is expecting that the REST API return a header similar to:

Access-Control-Allow-Headers: origin, content-type, accept, x-requested-with

Specifically, the problem is that jQuery always sends an X-Requested-With header when doing an AJAX request (there is no way to disable this), but the REST API needs to explicitly allow this header to be sent (which it is not doing), so the request fails.

Would you folks be willing to fix this by extending the values of your Access-Control-Allow-Headers header?

Ultimately it's really a bug in jQuery in that jQuery does not allow a developer to strip the x-requested-with header (it does for local requests, but not for cross-domain requests). Theoretically we could not use jQuery and use the raw XMLHttpRequest object, but I figure it's better if your REST API was configured to work with jQuery given how popular it is.

Some links that I found that describe the problem:
http://stackoverflow.com/questions/8679848/cross-domain-ajax-rest-service-http-headers
http://www.html5rocks.com/en/tutorials/cors/
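
The preflight check behind the error above, as an added example that is not part of the original post: a simplified model of how a browser compares the headers a request carries against the server's Access-Control-Allow-Headers value. The function names and the "before" header value are constructed for illustration; the "after" value is the one proposed in the post.

```javascript
// Simplified model of the CORS preflight header check (added example).
// Header names safelisted by the Fetch standard never need server approval;
// content-type is safelisted only for the three MIME types below.
const SAFELISTED = new Set(["accept", "accept-language", "content-language"]);
const SIMPLE_CONTENT_TYPES = new Set([
  "application/x-www-form-urlencoded", "multipart/form-data", "text/plain",
]);

// Names the browser would list in Access-Control-Request-Headers.
function headersNeedingApproval(requestHeaders) {
  const names = [];
  for (const [name, value] of Object.entries(requestHeaders)) {
    const lower = name.toLowerCase();
    if (SAFELISTED.has(lower)) continue;
    if (lower === "content-type") {
      const mime = value.split(";")[0].trim().toLowerCase();
      if (SIMPLE_CONTENT_TYPES.has(mime)) continue;
    }
    names.push(lower);
  }
  return names.sort();
}

// Header names are case-insensitive, so compare in lower case.
function parseAllowHeaders(value) {
  return new Set((value || "").split(",").map(s => s.trim().toLowerCase()).filter(Boolean));
}

// Returns the header names the preflight response fails to allow.
function blockedHeaders(requestHeaders, allowHeadersValue, withCredentials = false) {
  const allowed = parseAllowHeaders(allowHeadersValue);
  // "*" acts as a wildcard only for requests sent without credentials.
  const wildcard = allowed.has("*") && !withCredentials;
  return headersNeedingApproval(requestHeaders).filter(h => {
    if (allowed.has(h)) return false;
    // The wildcard never covers authorization; it must be named explicitly.
    if (wildcard && h !== "authorization") return false;
    return true;
  });
}

// Constructed sample: headers a jQuery cross-domain JSON request would carry.
const JQUERY_REQUEST = {
  "Accept": "application/json",
  "Content-Type": "application/json",
  "X-Requested-With": "XMLHttpRequest",
};
const ALLOW_BEFORE = "origin, content-type, accept"; // constructed "before" value
const ALLOW_AFTER = "origin, content-type, accept, x-requested-with"; // from the post
```

An empty result from blockedHeaders means the preflight passes; naming x-requested-with explicitly keeps the allow-list narrow, and a "*" value stops working as soon as the request is sent with credentials.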