I am making the call using jquery. You are correct that the X-Requested
header is not included automatically and without it the request shows in
chrome as a GET with response 303 redirect. If I explicitly add the
X-Requested header then it shows as an "OPTIONS" request and instead of the
headers it shows Access-Control-Request-Headers and the response is "load
cancelled".
I think the problem here is the security restrictions on cross-origin
requests. The OPTIONS request expects a response that includes an
Access-Control-Allow-Origin
header from web2py. I know the magical incantations that are needed for
this in PHP (as below) but am unclear how this can be done from web2py.
The access_control headers do not appear to be included in request.env.
Basically I need to do the web2py equivalent of this PHP code:
if (isset($_SERVER['HTTP_ORIGIN'])) {
header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
header('Access-Control-Allow-Credentials: true');
header('Access-Control-Max-Age: 86400'); // cache for 1 day
}
if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']))
header("Access-Control-Allow-Methods:
{$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']}");
if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS'])) {
header("Access-Control-Allow-Headers:
{$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");
}
exit(0);
}
On Wednesday, 1 August 2012 22:42:07 UTC+1, Anthony wrote:
>
> Yes, you can make Ajax calls to web2py and get a response back -- and that
> is independent of whether request.ajax is True. Here's the code used to set
> request.ajax:
>
> x_req_with = str(request.env.http_x_requested_with).lower
> ()
> request.ajax = x_req_with == 'xmlhttprequest'
>
> So, web2py checks whether the request headers include "X-Requested-With:
> XMLHttpRequest". Perhaps for some reason your Ajax call is not setting that
> header. web2py will still respond to the request, but it won't set
> request.ajax to True unless that header is there. You could either make
> sure that header is set when the request is made, or add some other flag to
> the request that your application can use to determine the type of request
> (e.g., a GET or POST variable). See
> http://stackoverflow.com/questions/1885847/jquery-no-x-requested-with-xmlhttprequest-in-ajax-request-header
> .
>
> Anthony
>
> On Wednesday, August 1, 2012 4:42:15 PM UTC-4, simon wrote:
>>
>> I have a page served by a php application where a button makes an ajax
>> call to a web2py controller. However when it arrives the request.ajax field
>> is false and it then tries to redirect to the login page.
>>
>> Is it possible to make an ajax call to a web2py server from a non-web2py
>> page and send the response back to the callling page? Am I doing it wrong?
>>
>
--
