I'm stuck with a CORS problem. I have developed a REST webservice using WSSE to secure it. The webservice has to be called from an hybrid mobile application throught a jQuery request.
I'm trying to call the webservice methods via jquery but I got always a 405 response.
This is the virtual host configuration:
Header set Access-Control-Allow-Origin: *
Header set Access-Control-Allow-Headers: *
This is the jQuery client:
$.ajax({
type:"GET",
beforeSend : function(xhrObj) {
xhrObj.setRequestHeader(
"Authorization",'WSSE profile="UsernameToken"'
);
xhrObj.setRequestHeader(
"X-WSSE", generateWsseToken(username, secret)
);
},
url: callUrl,
crossDomain: true,
dataType: "json",
success: function(msg) {
console.log(msg);
}
});
These are response and request as shown in Firebug:
-- RESPONSE --
HTTP/1.1 405 Method Not Allowed
Date: Thu, 31 Jul 2014 13:46:25 GMT
Server: Apache/2.4.6 (Ubuntu)
X-Powered-By: PHP/5.5.3-1ubuntu2.6
Cache-Control: no-cache
Allow: GET, HEAD
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: *
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
-- REQUEST --
OPTIONS /myurl HTTP/1.1
Host: 127.0.0.66
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:30.0) Gecko/20100101 Firefox/30.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: it,en-us;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Origin: http://localhost
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,x-wsse
Connection: keep-alive
Cache-Control: max-age=0
What I'm doing wrong?
I have read many discussions but withouth luck. For instance:
