Hi Everyone,
This one has been driving me bug eyed for a couple days now. Hopefully someone here has some ideas. As of FireFox 3.5, Mozilla has implemented the w3cs Cross-Origin Resource Sharing recommendation (http://dev.w3.org/2006/waf/access-control/). I am trying to implement this in my ajax based web app so that I can develop locally (localhost) and make requests to my live server. Mozilla has a great explanation of how to craft requests and response headers here: https://developer.mozilla.org/en/HTTP_access_control I am using jQuery and ajaxCFC for my requests, jQuery adds a custom header, which forces the request to be 'preflighted'. What this means is that an OPTION method request is sent to the server before the actual request to see if the request is valid/supported. The server is supposed to respond with the allowed headers something like this: Access-Control-Allow-Origin: http://foo.example Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: X-PINGOTHER Access-Control-Max-Age: 1728000 My problem is that the request to the CFC via the OPTIONS method never gets a response, the CFC not the application.CFC ever execute. The only way I can get it to work is to set the headers within the IIS HTTP Headers. But I don't want to do this for all requests, only when needed, when the method is OPTIONS and I would like to be able to further validate the request. But the request never gets to Cold Fusion. In firebug, the request looks like this: OPTIONS http://www.myserver.com/app/adapter/publicAdapter.cfc?method=ping&returnform at=json Host: www.myserver.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Origin: http://localhost Access-Control-Request-Method: POST Connection: close Date: Wed, 08 Jul 2009 15:58:04 GMT Server: Microsoft-IIS/6.0 Access-Control-Allow-Methods: POST,GET,OPTIONS Access-Control-Allow-Headers: X-Requested-With,If-Modified-Since,Accept,Content-Type Access-Control-Max-Age: 1728000 Access-Control-Allow-Origin: http://localhost Allow: GET, HEAD, POST, TRACE, OPTIONS The response headers are the headers I have set manually in IIS. The actual CFC never gets called. I checked in IIS and the application extension mapping for CFC is set to "all verbs" and yet the request never gets to CF. I added some logging in application.cfc onRequestStart and nothing. So does anyone have any idea how to do a preflighted request so that cold fusion can respond? Or is this an IIS issue where IIS is not passing the OPTIONS request to CF? Brook Davies Logiforms.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:324365 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
