Can anyone tell me why this request is failing to get past the SO policy restriction?

JS:

```js
var blob = new Blob([req.response], {type: "application/octet-stream"});
req = new XMLHttpRequest();
req.open("POST", ws_path(other_context, 'receive_pkg'), true);
req.onload = function (evt) { alert(req.response); };
req.send(blob);
```

The called PHP page on the other domain:

```php
header('Access-Control-Allow-Origin: *');
file_put_contents('log.txt', 'script accessed');
```

The request does go, and the log is written, but the browser blocks the response. I have another request to the same script that is NOT a blob, but a normal post request, and this responds just fine. The problem seems to be with just the blob request, and I've no idea why or whether what I'm doing is actually prohibited.

[Research effort: I got my hopes up when I found this question, but duplicate answers deal only with CORS in general, not blobs, as per the OP's question]

Community
Mitya

1 Answer

After a lot of digging and experimentation with this I found a workaround: namely, change the encoding from application/octet-stream to application/x-www-form-urlencoded.

With the former, the request is blocked, even though the web service called explicitly allows the caller domain for CORS. With the latter, the caller domain is allowed through.

However, this brings a new problem: data sent in this way, at least to a PHP web service, will likely exceed the max_input_vars stat.

This can be overcome by increasing it, via a .htaccess file, like so:

```apache
php_value max_input_vars 50000000
```
Mitya
  • [This article on MDN](https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Preflighted_requests) explains why. TL;DR: For non-standard encodings, you have to use a preflight CORS request, not a simple one. The biggest caveat is that you cannot do `Access-Control-Allow-Origin: *` with those – code_monk Nov 29 '14 at 16:25
  • Aha so it's documented, and not a bug, then. Thanks for the tip. – Mitya Nov 29 '14 at 16:54
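
As an added example (not code from the original post or its answer), the sketch below models the behaviour the MDN article linked in the comment describes: which content types make a cross-origin POST preflighted, and what a server would return to the OPTIONS preflight so that the `application/octet-stream` upload is accepted. The function names, the `ALLOWED_ORIGINS` list and the `https://app.example` origin are assumptions.

```javascript
// Simplified model of the browser's preflight decision and of a server's
// reply to the OPTIONS preflight. Names and origins are hypothetical.
const SIMPLE_METHODS = new Set(["GET", "HEAD", "POST"]);
const SIMPLE_CONTENT_TYPES = new Set([
  "application/x-www-form-urlencoded",
  "multipart/form-data",
  "text/plain",
]);
const ALLOWED_ORIGINS = new Set(["https://app.example"]); // constructed value

// True when the browser sends an OPTIONS preflight before the real request.
// Only method and Content-Type are modelled; other custom headers are not.
function needsPreflight(method, contentType) {
  if (!SIMPLE_METHODS.has(method.toUpperCase())) return true;
  if (contentType == null) return false;
  // Compare the media type only, ignoring parameters such as charset.
  const essence = contentType.split(";")[0].trim().toLowerCase();
  return !SIMPLE_CONTENT_TYPES.has(essence);
}

// Response headers for a preflight, or null to refuse it.
// reqHeaders: lower-cased header names of the incoming OPTIONS request.
function preflightResponse(reqHeaders) {
  const origin = reqHeaders["origin"];
  if (!ALLOWED_ORIGINS.has(origin)) return null;
  if (reqHeaders["access-control-request-method"] !== "POST") return null;
  const wanted = (reqHeaders["access-control-request-headers"] || "")
    .split(",").map((h) => h.trim().toLowerCase()).filter(Boolean);
  // Content-Type is the only non-safelisted header this endpoint accepts.
  if (wanted.some((h) => h !== "content-type")) return null;
  return {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Methods": "POST",
    "Access-Control-Allow-Headers": "Content-Type",
    "Vary": "Origin",
  };
}

// The two content types from the question and the answer:
console.log(needsPreflight("POST", "application/octet-stream"));
console.log(needsPreflight("POST", "application/x-www-form-urlencoded"));
```

With the preflight answered this way, the blob can keep its `application/octet-stream` type; PHP does not parse such a body into input variables, so `max_input_vars` does not need to be raised.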