Restler 2 cross domain POST AJAX call

Question

I've built my server with a simple REST API using Restler 2. Now I'm trying to do a POST request to that API from my localhost with AJAX, and I see that a OPTIONS request is being sent before, and Restler doesn't handle it.

I added this

header('Access-Control-Allow-Origin:  *');
header('Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, PATCH, DELETE');
header('Access-Control-Max-Age: 1000');
header('Access-Control-Allow-Headers: *');

to the index.php of my server, as suggested here for Restler 3, but that didn't solve it. I also took a look at this question and tried what the last 2 answers suggest (almost same thing as before), but didn't work too. Do I really need to use jsonp (first answer referred question)? Isn't that awkward to actually be sending GET requests instead of POST?

My AJAX call:

$.ajax({
    type: "post",
    url: "http://{MY_URL}/index.php/paint", 
    dataType: "json",
    contentType: "application/json",
    data: JSON.stringify(data), 
    success: function(data){ 
        console.log("post success " + data);
    },
    error: function(xhr,err){
            console.log("readyState: "+xhr.readyState+"\nstatus: "+xhr.status);
            console.log("responseText: "+xhr.responseText);
            console.log(err);
    }
});

and the output is:

OPTIONS http://{MY_URL}/index.php/paint 404 (Not Found) jquery-1.10.2.js:8706
XMLHttpRequest cannot load http://{MY_URL}/index.php/paint. Invalid HTTP status code 404

Problem could be some thing else as well. Did you make sure they are working when everything is in the same domain? — Arul Kumaran, May 18 '14 at 11:58
@Luracast Yes. With the server on the localhost, it works just fine. Probably I can't send the headers on the server, because it's not configurable by me, and doesn't allow me to send additional headers? (not sure, though). — Hugo Sousa, May 18 '14 at 12:16
@Luracast If I follow this option https://github.com/Luracast/Restler/issues/17, adding a new supported format, that means I have to process my 'supposed' `POST` requests as `GET` requests? I see the examples, and I got it working, but they are `GET`requests. How do I handle `POST` requests now? — Hugo Sousa, May 18 '14 at 16:28
Is there a specific reason you are sticking to Restler 2? Restler 3 already has `JsFormat` (JSONP) and simple option to turn on CORS `Defaults::$crossOriginResourceSharing = true;` — Arul Kumaran, May 19 '14 at 04:41
Yes, the PHP version of my host is quite old. However, I found the solution and will post it later. — Hugo Sousa, May 19 '14 at 08:25

score 0 · Accepted Answer · edited May 23 '17 at 11:50

For a future reference for someone ending up here with the same problem.

Simply adding this headers on the index.php didn't work.

header('Access-Control-Allow-Origin:  *');
header('Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, PATCH, DELETE');
header('Access-Control-Max-Age: 1000');
header('Access-Control-Allow-Headers: *');

However, found a solution in this post. So, I added the following code to the beggining of index.php and it works with a simple json request (don't need jsonp).

// Allow from any origin
if (isset($_SERVER['HTTP_ORIGIN'])) {
    header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
    header('Access-Control-Allow-Credentials: true');
    header('Access-Control-Max-Age: 86400');    // cache for 1 day
}

// Access-Control headers are received during OPTIONS requests
if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {

    if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']))
        header("Access-Control-Allow-Methods: GET, POST, OPTIONS");         

    if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']))
        header("Access-Control-Allow-Headers:        {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");

    exit(0);
}

Restler 2 cross domain POST AJAX call

1 Answers1