@TimothyLoyer
Last active August 29, 2015 14:06
CORS

Putting all the knowledge I find on CORS, needs of various HTTP verbs, and specific browser needs here.

Options

Access-Control-Allow-Headers should be set to "*" only for OPTIONS requests. If you return it for POST requests, Chrome will cancel the request.

Works for GET preflight:

Access-Control-Allow-Origin: {origin}
Access-Control-Allow-Methods: GET, POST, PUT, DELETE
Access-Control-Allow-Headers: Authorization, Content-Type

Actual

Access-Control-Allow-Origin: {origin}

Caveats

  • Requests with an Authorization header will always be preflighted; they are not simple requests. [1]
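
Added example (not part of the original notes): a framework-independent sketch of the header sets above, with Allow-Methods and Allow-Headers returned only on the OPTIONS preflight and only the origin header on the actual response. The allowlist, the example origin and the function names are assumptions; {origin} is echoed only when it is on the allowlist, and the preflight check is a simplified version of the browser rules.

```javascript
// ALLOWED_ORIGINS is a constructed allowlist (assumption, not from the notes).
const ALLOWED_ORIGINS = new Set(["https://app.example.com"]);
const ALLOWED_METHODS = "GET, POST, PUT, DELETE";
const ALLOWED_HEADERS = "Authorization, Content-Type";

// CORS-safelisted request headers; any other author-set header forces a preflight.
const SAFELISTED = new Set(["accept", "accept-language", "content-language", "content-type"]);
const SIMPLE_METHODS = new Set(["GET", "HEAD", "POST"]);
const SIMPLE_CONTENT_TYPES = new Set([
  "application/x-www-form-urlencoded", "multipart/form-data", "text/plain",
]);

// True when a browser would send an OPTIONS preflight first (simplified rules).
// `headers` holds only the headers the script sets itself.
function needsPreflight(method, headers) {
  if (!SIMPLE_METHODS.has(method.toUpperCase())) return true;
  for (const [name, value] of Object.entries(headers)) {
    const n = name.toLowerCase();
    if (!SAFELISTED.has(n)) return true; // e.g. Authorization
    if (n === "content-type" &&
        !SIMPLE_CONTENT_TYPES.has(value.split(";")[0].trim().toLowerCase())) return true;
  }
  return false;
}

// CORS response headers for one request; {} means "send no CORS headers".
function corsHeaders(method, reqHeaders) {
  const h = {};
  for (const [k, v] of Object.entries(reqHeaders)) h[k.toLowerCase()] = v;
  const origin = h["origin"];
  if (!origin || !ALLOWED_ORIGINS.has(origin)) return {};
  // Vary: Origin keeps caches from serving one origin's response to another.
  const out = { "Access-Control-Allow-Origin": origin, "Vary": "Origin" };
  // Allow-Methods / Allow-Headers go on the preflight response only.
  if (method.toUpperCase() === "OPTIONS" && h["access-control-request-method"]) {
    out["Access-Control-Allow-Methods"] = ALLOWED_METHODS;
    out["Access-Control-Allow-Headers"] = ALLOWED_HEADERS;
  }
  return out;
}
```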

Useful Links

[1] https://code.google.com/p/twitter-api/issues/detail?id=2273
