Cross domain issue, GET converted to OPTIONS

Question

I have the following request and response. The Access allow control origin is set to *.

Remote Address:xx.xxx.xxx.xxx:xx
Request URL:http://api-test.example.com/api/v1/sample
Request Method:OPTIONS
Status Code:405 Method Not Allowed
Request Headersview source
Accept:*/*
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Access-Control-Request-Headers:accept, authorization
Access-Control-Request-Method:GET
Cache-Control:max-age=0
Connection:keep-alive
Host:api-test.example.com
Origin:http://test.example.com
Referer:http://test.example.com/Joblist.html
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like GeChrome/34.0.1847.116 Safari/537.36

Response:

Response Headersview source
Access-Control-Allow-Methods:GET,PUT,POST,DELETE,OPTIONS
Access-Control-Allow-Origin:http:*
Allow:GET
Cache-Control:no-cache
Connection:keep-alive
Content-Length:76
Content-Type:application/json; charset=utf-8
Date:Tue, 15 Apr 2014 07:38:32 GMT
Expires:-1
Pragma:no-cache
Server:Microsoft-IIS/8.5
X-AspNet-Version:4.0.30319
X-Powered-By:ASP.NET

I have used the GET method, but it is getting converted to OPTIONS, How to fix this?

Here is the calling function:

$.ajax({ 
type: "GET", 
url: "api-test.example.com/api/v1/sample";, 
headers:{Authorization:authHeader}, 
dataType: "xml", 
success: function(xml) { 

Answer 1

Check out my answer here...

The browser will prefly an OPTIONS request any time there are not-simple headers in a cross origin request. When this OPTIONS request is sent to the server, the server must respond with allowable headers, methods, AND origins to satisfy the preflight request (and allow the actual request to be made).

Access-Control-Allow-Origin:http:*

http:* is not going to qualify as an allowed origin. It only supports *, null or the exact domain.

here is some info