Chrome cancels CORS XHR when redirected
I'm having a mysterious issue where Chrome cancels cross-origin AJAX
requests when they encounter a HTTP redirect. In the Network tab, it
appears as "(canceled)" and the response headers or body are not
available.
Here's the flow:
Load page on http://
POST request to login endpoint on https://
303 response
Request canceled.
Here's the JS (from http://dev.liberty.edu/facultyportfolio/ajaxtest.html):
var r = new XMLHttpRequest();
r.open('POST', 'https://dev.liberty.edu/facultyportfolio-rest/login', true);
r.setRequestHeader('Content-Type', 'application/json; charset=UTF-8');
r.send(JSON.stringify({"username":"myusername","password":"myrealpassword"}));
r.send();
Chrome's net internals shows that the server responded with these headers:
HTTP/1.1 303 See Other
Date: Thu, 05 Sep 2013 17:54:21 GMT
Server: Apache/2
Access-Control-Allow-Origin: http://dev.liberty.edu
Access-Control-Allow-Credentials: true
Location:
https://dev.liberty.edu/facultyportfolio-rest/j_spring_cas_security_check?ticket=xxxx.liberty.edu
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 52
Connection: close
Content-Type: text/plain; charset=UTF-8
And it says: URL_REQUEST_BLOCKED_ON_DELEGATE
Does anyone know why this is failing?
No comments:
Post a Comment