Should work, what do you have in your log for when you sent the options header?
On Thursday, September 19, 2013 6:59:23 AM UTC-7, Thirugnanam Kaneshalingam wrote: > > We are having some issue with Cross Origin Resource Sharing (CORS) > implementation in a restfull web service on web2py. > We try to implement CORS on the server side in web2py as suggested here: ( > https://groups.google.com/forum/#!msg/web2py/kSUtyNcUQGI/qfiIqfUiWLwJ ) > we added following to models/0.py, (to have the response header updated > before actual restfull api handler in the controler) > > =============================== > if request.env.http_origin: > #response > <https://www.facebook.com/hashtag/response>.headers['Access-Control-Allow-Origin'] > > = request.env.http_origin > response.headers['Access-Control-Allow-Origin'] = "*" > response.headers['Access-Control-Allow-Credentials'] = 'true' > response.headers['Access-Control-Max-Age'] = 86400 > > if request.env.request_method == 'OPTIONS': > if request.env.http_access_control_request_method: > print request.env.http_access_control_request_method > response.headers['Access-Control-Allow-Methods'] = > request.env.http_access_control_request_method > if request.env.http_access_control_request_headers: > response.headers['Access-Control-Allow-Headers'] = > request.env.http_access_control_request_headers > ========================== > > RESTful POST & GET are now working > but PUT and DELETE aren't because preflight http OPTIONS request is > rejected as "400 BAD REQUEST" by web2py > > So for example when calling the restful webservice using ajax call from a > local web page, > we get the following error msg in NetBeans log. > > Failed to load resource: the server responded with a status of 400 (BAD > REQUEST) (10:46:36:182 | error, network) > at > http://127.0.0.1:8000/test/default/api/entries/2.json<https://www.facebook.com/l.php?u=http%3A%2F%2F127.0.0.1%3A8000%2Ftest%2Fdefault%2Fapi%2Fentries%2F2.json&h=6AQEXO762AQEdGBr1FA5hs7g-rkoOuV3j_Ls67igLa1ysWw&s=1> > Failed to load resource: Origin http://localhost:8383 is not allowed by > Access-Control-Allow-Origin. (10:46:36:183 | error, network) > at > http://127.0.0.1:8000/test/default<https://www.facebook.com/l.php?u=http%3A%2F%2F127.0.0.1%3A8000%2Ftest%2Fdefault&h=SAQHZ1uIiAQF-DetwOo02m0brzq8JFqvX0khT8_XL5fZhqg&s=1> > /api/entries/2.json > XMLHttpRequest cannot load http://127.0.0.1:8000/test/default > /api/entries/2.json. Origin http://localhost:8383 is not allowed by > Access-Control-Allow-Origin. (10:46:36:183 | error, javascript) > at www/page/test.html > -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
