302 redirect to a different domain fails silently

Question

I have this peculiar flow.

I make an XMLHttpRequest to my server
My server sends a 302 redirect to a different domain. The server at that domain is CORS compliant.
The browser possibly follows the Location. I don't know what exactly happens here because this request doesn't surface in Chrome's debugging tools.
Finally I am left with an awkward looking request/response in chrome debugger.

Has someone been able to achieve response from cross domain redirection via XMLHttpRequest, or is it even possible?

see http://stackoverflow.com/questions/395045/cross-site-xmlhttprequest — Sanjeev Rai, Jun 18 '13 at 11:52
@SanjeevRai that is not entirely related. I know the same origin policy. But the server I am talking to sends the Allow-Cross-Origin-* headers. — Juzer Ali, Jun 18 '13 at 12:27

score 2 · Accepted Answer · answered Aug 27 '13 at 09:11

2

Browsers transparently follows 302 redirects and it doesn't even show up in chrome debugging tools. At the moment there is no way around it. I debugged the http call from curl.

answered Aug 27 '13 at 09:11

Juzer Ali

4,109
3
35
62

score 0 · Answer 2 · answered Sep 10 '13 at 14:37

It is possible, but can only be solved on the server.

Rather than redirect (return a 302 to the client), you need to make the request from your server to the other website and return its response to the client. Basically pass the incoming stream from the other server back as your data stream.

This avoid any cross-domain security problems.

302 redirect to a different domain fails silently

2 Answers2