Re: [Proto-Scripty] Ajax CORS error message

[Dave Kibble]

is the page served from http://test.heroku.com ?

If not, it's a cross-site scripting security issue.

[Dave Lazar]

As I mentioned... this a CORS setup, so obviously it is cross-site. That part of the stack works perfect, and the response is indeed dished out to the browser as expected. The only problem I have  is Prototype not liking the header... I am looking for the tip that will silence that... 

Thanks

[Shane McCarron]

are you using Chrome by any chance?  I noticed that it complains about some other headers I try to set in the same way.

--
You received this message because you are subscribed to the Google Groups "Prototype & script.aculo.us" group.

To view this discussion on the web visit https://groups.google.com/d/msg/prototype-scriptaculous/-/xcPk0scKJdkJ.

To post to this group, send email to prototype-s...@googlegroups.com.
To unsubscribe from this group, send email to prototype-scripta...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/prototype-scriptaculous?hl=en.

--
Shane McCarron
halin...@gmail.com

[Dave Lazar]

Chrome, Firefox and Safari all show a console error. They also all show the response. Puzzling...  

On Wednesday, January 16, 2013 5:22:36 PM UTC-5, Shane McCarron wrote:

are you using Chrome by any chance?  I noticed that it complains about some other headers I try to set in the same way.

On Wed, Jan 16, 2013 at 4:21 PM, Dave Lazar <hunk...@gmail.com> wrote:

As I mentioned... this a CORS setup, so obviously it is cross-site. That part of the stack works perfect, and the response is indeed dished out to the browser as expected. The only problem I have  is Prototype not liking the header... I am looking for the tip that will silence that... 

Thanks

On Wednesday, January 16, 2013 5:12:43 PM UTC-5, DaveK wrote:

is the page served from http://test.heroku.com ?

If not, it's a cross-site scripting security issue.

--
You received this message because you are subscribed to the Google Groups "Prototype & script.aculo.us" group.

To view this discussion on the web visit https://groups.google.com/d/msg/prototype-scriptaculous/-/xcPk0scKJdkJ.

To post to this group, send email to prototype-s...@googlegroups.com.

To unsubscribe from this group, send email to prototype-scriptaculous+unsub...@googlegroups.com.

For more options, visit this group at http://groups.google.com/group/prototype-scriptaculous?hl=en.

--
Shane McCarron
halin...@gmail.com

[Jason Westbrook]

In the latest DEV version hosted on github you can remove the X-* HTTP headers that PrototypeJS puts into the AJAX requests that make the CORS pre-flight requests fail.

Check out this pull request

https://github.com/sstephenson/prototype/pull/88

Jason Westbrook | T: 313-799-3770 | jwest...@gmail.com

To view this discussion on the web visit https://groups.google.com/d/msg/prototype-scriptaculous/-/LOcfGBnKHXgJ.

To post to this group, send email to prototype-s...@googlegroups.com.

To unsubscribe from this group, send email to prototype-scripta...@googlegroups.com.

[Dave Lazar]

I built that version of Prototype, with that pull request... and it did not fix that issue... sigh... since the actual CORS call works.. I will just ignore the browser errors Prototype is throwing... messes things up in the console.. but that is minor...

Thanks

On Wednesday, January 16, 2013 7:13:50 PM UTC-5, Jason wrote:

In the latest DEV version hosted on github you can remove the X-* HTTP headers that PrototypeJS puts into the AJAX requests that make the CORS pre-flight requests fail.

Check out this pull request

https://github.com/sstephenson/prototype/pull/88

Jason Westbrook | T: 313-799-3770 | jwest...@gmail.com

On Wed, Jan 16, 2013 at 2:43 PM, Dave Lazar <hunk...@gmail.com> wrote:

Chrome, Firefox and Safari all show a console error. They also all show the response. Puzzling...  

On Wednesday, January 16, 2013 5:22:36 PM UTC-5, Shane McCarron wrote:

are you using Chrome by any chance?  I noticed that it complains about some other headers I try to set in the same way.

On Wed, Jan 16, 2013 at 4:21 PM, Dave Lazar <hunk...@gmail.com> wrote:

As I mentioned... this a CORS setup, so obviously it is cross-site. That part of the stack works perfect, and the response is indeed dished out to the browser as expected. The only problem I have  is Prototype not liking the header... I am looking for the tip that will silence that... 

Thanks

On Wednesday, January 16, 2013 5:12:43 PM UTC-5, DaveK wrote:

is the page served from http://test.heroku.com ?

If not, it's a cross-site scripting security issue.

--
You received this message because you are subscribed to the Google Groups "Prototype & script.aculo.us" group.

To view this discussion on the web visit https://groups.google.com/d/msg/prototype-scriptaculous/-/xcPk0scKJdkJ.

To post to this group, send email to prototype-s...@googlegroups.com.

To unsubscribe from this group, send email to prototype-scriptaculous+unsubscr...@googlegroups.com.

For more options, visit this group at http://groups.google.com/group/prototype-scriptaculous?hl=en.

--
Shane McCarron
halin...@gmail.com

[Jason Westbrook]

did you also set the headers in the Ajax.Request object to null

ie

new Ajax.Request('/your/url',{ 'requestHeaders' : { 'X-Requested-With' : null, 'X-Prototype-Version' : null}});

Jason Westbrook | T: 313-799-3770 | jwest...@gmail.com

To view this discussion on the web visit https://groups.google.com/d/msg/prototype-scriptaculous/-/pcg4MZ0tctgJ.

To post to this group, send email to prototype-s...@googlegroups.com.

To unsubscribe from this group, send email to prototype-scripta...@googlegroups.com.

[Dave Lazar]

Indeed I did... to no great effect with the results... still spits out that it does not want to process an unsafe 'X-JSON' header... 

--

You received this message because you are subscribed to the Google Groups "Prototype & script.aculo.us" group.

To view this discussion on the web visit https://groups.google.com/d/msg/prototype-scriptaculous/-/pcg4MZ0tctgJ.

To post to this group, send email to prototype-s...@googlegroups.com.

[Walter Lee Davis]

Maybe you also have to fiddle with the accept header? I've been having the same error for weeks in Safari, and on a straight get request to a CORS-enabled S3 endpoint, returning plain old HTML.

Walter

> To unsubscribe from this group, send email to prototype-scripta...@googlegroups.com.

> For more options, visit this group at http://groups.google.com/group/prototype-scriptaculous?hl=en.
>
>
>
> --
> Shane McCarron
> halin...@gmail.com
>
> --
> You received this message because you are subscribed to the Google Groups "Prototype & script.aculo.us" group.
> To view this discussion on the web visit https://groups.google.com/d/msg/prototype-scriptaculous/-/LOcfGBnKHXgJ.
>
> To post to this group, send email to prototype-s...@googlegroups.com.

> To unsubscribe from this group, send email to prototype-scripta...@googlegroups.com.

> For more options, visit this group at http://groups.google.com/group/prototype-scriptaculous?hl=en.
>
>
> --
> You received this message because you are subscribed to the Google Groups "Prototype & script.aculo.us" group.
> To view this discussion on the web visit https://groups.google.com/d/msg/prototype-scriptaculous/-/pcg4MZ0tctgJ.
>
> To post to this group, send email to prototype-s...@googlegroups.com.

> To unsubscribe from this group, send email to prototype-scripta...@googlegroups.com.

> For more options, visit this group at http://groups.google.com/group/prototype-scriptaculous?hl=en.
>
>
> --
> You received this message because you are subscribed to the Google Groups "Prototype & script.aculo.us" group.

> To view this discussion on the web visit https://groups.google.com/d/msg/prototype-scriptaculous/-/QlngtF0Su_MJ.

> To post to this group, send email to prototype-s...@googlegroups.com.

> To unsubscribe from this group, send email to prototype-scripta...@googlegroups.com.

[Dave Lazar]

It's JSON all the way... the response contains the proper content type:

1. Access-Control-Allow-Credentials:
   true
2. Access-Control-Allow-Methods:
   GET, POST, OPTIONS
3. Access-Control-Allow-Origin:
   http://www.test.com
4. Access-Control-Max-Age:
   1728000
5. Connection:
   keep-alive
6. Content-Length:
   16
7. Content-Type:
   application/json;charset=utf-8
8. Date:
   Thu, 17 Jan 2013 01:41:08 GMT
9. Server:
   nginx
10. Vary:
    Origin
11. X-Frame-Options:
    sameorigin
12. X-Json:
    {"fizz":"buzz"}
13. X-Xss-Protection:
    1; mode=block

> To unsubscribe from this group, send email to prototype-scriptaculous+unsub...@googlegroups.com.

> For more options, visit this group at http://groups.google.com/group/prototype-scriptaculous?hl=en.
>
>
>
> --
> Shane McCarron
> halin...@gmail.com
>
> --
> You received this message because you are subscribed to the Google Groups "Prototype & script.aculo.us" group.
> To view this discussion on the web visit https://groups.google.com/d/msg/prototype-scriptaculous/-/LOcfGBnKHXgJ.
>
> To post to this group, send email to prototype-s...@googlegroups.com.

> To unsubscribe from this group, send email to prototype-scriptaculous+unsub...@googlegroups.com.

> For more options, visit this group at http://groups.google.com/group/prototype-scriptaculous?hl=en.
>
>
> --
> You received this message because you are subscribed to the Google Groups "Prototype & script.aculo.us" group.
> To view this discussion on the web visit https://groups.google.com/d/msg/prototype-scriptaculous/-/pcg4MZ0tctgJ.
>
> To post to this group, send email to prototype-s...@googlegroups.com.

> To unsubscribe from this group, send email to prototype-scriptaculous+unsub...@googlegroups.com.

> For more options, visit this group at http://groups.google.com/group/prototype-scriptaculous?hl=en.
>
>
> --
> You received this message because you are subscribed to the Google Groups "Prototype & script.aculo.us" group.
> To view this discussion on the web visit https://groups.google.com/d/msg/prototype-scriptaculous/-/QlngtF0Su_MJ.
> To post to this group, send email to prototype-s...@googlegroups.com.

> To unsubscribe from this group, send email to prototype-scriptaculous+unsub...@googlegroups.com.