
I am developing an Ionic hybrid mobile app and trying to post data to a JSON-RPC service, but I am getting a "500 internal server error".

    var req = {
        // No `method` is set here, so $http falls back to its default, GET.
        url: 'http://192.118.1.214:8080/remote/json-rpc',
        // These non-default request headers are what trigger the CORS preflight.
        headers: {
            'content-type': 'application/json;charset=utf-8',
            'cache-control': 'no-cache, no-store, must-revalidate, max-age=0'
        },
        // JSON-RPC 2.0 request body
        data: { jsonrpc: "2.0", id: 2, method: "HDAccess/getDevices", params: [null] }
    };

    $http(req).then(
        function (res) { alert(res); return res; },
        function (er) { alert(er); }
    );

These are the request details from the web console. I have used a Chrome CORS plugin to avoid the "CORS" issue.

    Request URL:http://192.118.1.214:8080/remote/json-rpc
    Request Method:OPTIONS
    Status Code:500 Internal Server Error
    Remote Address:192.118.1.214:8080

    Response Headers
    cache-control:no-cache, no-store, must-revalidate, max-age=0
    content-length:810
    content-type:text/html; charset=UTF-8
    date:Tue, 01 Mar 2016 08:00:50 GMT
    pragma:no-cache

    Request Headers
    Accept:*/*
    Accept-Encoding:gzip, deflate, sdch
    Accept-Language:en-GB,en-US;q=0.8,en;q=0.6
    Access-Control-Request-Headers:accept, cache-control, content-type
    Access-Control-Request-Method:GET
    Connection:keep-alive
    Host:192.118.1.214:8080
    Origin:http://evil.com/
    Referer:http://localhost:8100/
    User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36

I have used the same URL and POST method in the POSTMAN extension and it worked, but it does not work in the above code.

Find the POSTMAN inputs below

[Image: screenshot of the POSTMAN inputs]

I have three doubts:

1. Why the data is not mentioned in the above request details.

2. Why the method is shown as "Option" but I am using "POST" method.

3. Why is it not working by code but working fine in the Chrome POSTMAN extension client.

Please guide me to solve this issue.

Naju

1 Answer


> Why the data is not mentioned in the above request details.

The data would be in the POST/PUT request that the browser would send if the server responded to the OPTIONS request with permission.

> Why the method is shown as "Option" but I am using "POST" method.

Since you are sending a request with a JSON formatted body, you are triggering a preflight OPTIONS request.

See also Why am I getting an OPTIONS request instead of a GET request?

> I have used a Chrome CORS plugin to avoid the "CORS" issue.

… it doesn't appear to be able to handle OPTIONS requests, at least not when the server responds with a 500 Internal Server Error.

Fix your server so it can respond to OPTIONS requests.

> Why is it not working by code but working fine in the Chrome POSTMAN extension client.

Because when you use Postman, there isn't a third party involved, so there are no trust issues to worry about. See also XMLHttpRequest cannot load https://www.[website].com/

Community
Quentin
  • Really a great explanation and I can understand the problem now. Could you please tell me what kind of changes need to be done on the server side? – Naju Apr 19 '16 at 13:40
  • You need to respond to the OPTIONS with a 200 OK and appropriate CORS headers. – Quentin Apr 19 '16 at 13:42
  • I added the "OPTION" method, but I am getting the following error: XMLHttpRequest cannot load http://192.118.1.254:8000/system/http/login. The 'Access-Control-Allow-Origin' header contains multiple values 'http://evil.com/, *', but only one is allowed. Origin 'http://localhost:8101' is therefore not allowed access. – Naju Apr 26 '16 at 14:58
  • The error message seems clear enough. Send the correct value for the header in the response. – Quentin Apr 26 '16 at 15:03
  • Can we send the 'Access-Control-Allow-Origin' value from the front-end in the header? – Naju Apr 26 '16 at 15:47
  • @rightPath — No. It would be stupid if the browser let your JavaScript give itself permission to read data (as if it was the user of the browser) from third party sites. – Quentin Apr 26 '16 at 15:47
  • Yeah, I can understand, but on the server side I have given the value for 'Access-Control-Allow-Origin' as *,evil.com,localhost:8101 (I have added these for some testing purposes only) but I am getting the error "No access-control-allow-origin is present in the request header. Origin localhost:8101 is therefore not allowed, status code 500" – Naju Apr 26 '16 at 15:55
  • @rightPath — Then you (a) need to set the correct value, remember the error message you had before "contains multiple values 'evil.com, *', but only one is allowed" and (b) need to figure out why that makes the server side code you haven't put in the question generate a 500 error in the first place. – Quentin Apr 26 '16 at 15:56
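
One way to do what the answer and comments ask of the server (answer the OPTIONS preflight with 200 and send a single-valued Access-Control-Allow-Origin), as an added example that is not the asker's server code. The allow-list contents, `corsDecision`, `withCors` and the `next` handler are assumptions; the header names are the standard CORS ones.

```javascript
// Added example. Allow-list is an assumption: the two dev origins seen on this page.
const ALLOWED_ORIGINS = new Set(['http://localhost:8100', 'http://localhost:8101']);
const ALLOW_METHODS = 'POST, OPTIONS';
const ALLOW_HEADERS = 'accept, cache-control, content-type';

// Pure decision function: takes the method and lower-cased request headers,
// returns whether this is a preflight, the status to send, and the headers to add.
function corsDecision(method, reqHeaders) {
  const origin = reqHeaders['origin'];
  const preflight = method === 'OPTIONS' &&
    reqHeaders['access-control-request-method'] !== undefined;
  const headers = { 'Vary': 'Origin' }; // response differs per Origin, so caches must too

  if (!origin || !ALLOWED_ORIGINS.has(origin)) {
    // Unknown origin: no Access-Control-* headers, so the browser blocks the read.
    return { preflight, status: preflight ? 403 : null, headers };
  }
  // Exactly one value, the caller's own origin; never a list such as "a, *".
  headers['Access-Control-Allow-Origin'] = origin;
  if (preflight) {
    headers['Access-Control-Allow-Methods'] = ALLOW_METHODS;
    headers['Access-Control-Allow-Headers'] = ALLOW_HEADERS;
    headers['Access-Control-Max-Age'] = '600';
  }
  return { preflight, status: preflight ? 200 : null, headers };
}

// Node-style wrapper; `next` is the real JSON-RPC handler (hypothetical name).
// Usage: http.createServer(withCors(handleRpc)).listen(8080)
function withCors(next) {
  return (req, res) => {
    const d = corsDecision(req.method, req.headers);
    for (const [name, value] of Object.entries(d.headers)) res.setHeader(name, value);
    if (d.preflight) {
      res.statusCode = d.status; // answer OPTIONS here, before any RPC code can throw a 500
      return res.end();
    }
    return next(req, res);
  };
}
```

Echoing the matched origin keeps the header single-valued for every allowed client, which is what the "contains multiple values" error in the comments requires.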