POST request get fail with the browser OPTIONS preflight request

Question

POST request get fail with the browser OPTIONS preflight request

1.5k views Asked by Dvir At 22 November 2024 at 23:46

My Problem:
The browser does not allow the request to be sent because of the OPTIONS request failure.

The data sent with javascript and it looks like that:

var params = "grant_type=password&username=" + username + "&password=" + password;
        $http({
            url: '/Token',
            method: "POST",
            withCredentials: true,
            headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
            data: params
        })

This is how it looks like from the chrome console after the request: enter image description here

Note
When i'm trying to post from fiddler the request is successfully succeed.
But if i'm trying to make an options request from fiddler it fails as the chrome does.

Any ideas?

Original Q&A

There are 1 answers

**john** · Answer 1 · 2014-12-07 01:20:13

Many providers do not allow this method as it could be used for malicious purposes.

To quote the spec:

This method allows the client to determine the options and/or requirements 
associated with a resource, or the capabilities of a server, without implying
a resource action or initiating a resource retrieval.

I see many hackers probing servers looking for vulnerabilities with this option. I configure all our servers and client servers to return a 405 ERROR (method not allowed).

TechQA.

POST request get fail with the browser OPTIONS preflight request

There are 1 answers

To quote the spec:

Related Questions in AJAX

Related Questions in CORS

Related Questions in FIDDLER

Related Questions in HTTP-OPTIONS-METHOD

Popular Questions

Popular Tags

Trending Questions