Oh wow! Thanks for the great explanation, Thomas. I recently switched to firefox 3.5 and started seeing the Options request. Even though I knew about cross site request support, I couldn't put 2 and 2 together.
--Sri 2009/12/21 Thomas Broyer <[email protected]> > > > On Dec 21, 4:00 pm, Mike Chaliy <[email protected]> wrote: > > My application in hosed mode (http://localhost:8888) send plain HTTP > > POST requests for example to thehttp://localhost/Inventory/. > > > > After upgrade from GWT1.7 to GWT2.0, all POST requests are now sent as > > OPTIONS request. > > > > Method: OPTIONS > > Host: localhost > > User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; uk; rv:1.9.1.6) > > Gecko/20091201 Firefox/3.5.6 > > Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/ > > *;q=0.8 > > Keep-Alive: 300 > > Connection: keep-alive > > Origin: http://localhost:8888 > > Access-Control-Request-Method: POST > > > > So the querstions are: > > > > 1. Why GWT do so? > > GWT doesn't do anything here (even less in GWT 2.0 with DevMode than > in previous versions where the browser was embedded into GWTShell/ > HostedMode) > > > 2. How to disable this? > > > > May be this is because of "same origin policy" issue? > > Exactly: Firefox 3.5 supports "CORS" which allows cross-origin > requests under certain conditions. One of these is to first ask the > server if it accepts such cross-origin requests (instead of just > failing without even attempting a request, as previous Firefox > versions did), and this is done with an OPTIONS request containing an > Origin and Access-Control-Request-Method request headers. You're just > seeing this "preflight" request. This not a bug, neither in GWT nor in > Firefox; maybe in you code, as it means you're using absolute > references in requests ("http://blablabalbla";), which are likely to > break in most browsers (Firefox 3.0 and previous versions, Internet > Explorer –IE8 uses an XDomainRequest for CORS-like functionnality, > instead of XMLHttpRequest–, Safari, Opera 9.x, etc.) > Same goes for other browsers (last versions of Chrome and Opera > support it AFAICT), as CORS is a being developped at the W3C. > > -- > > You received this message because you are subscribed to the Google Groups > "Google Web Toolkit" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]<google-web-toolkit%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/google-web-toolkit?hl=en. > > > -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
