Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
For some reason whenever I do an async request using YUI and specify it to be a GET or POST, and the request is HTTPS, the actual request comes through with the OPTIONS request method.
help! why is it doing this?
P.S. I tried this with Prototype and got the same deal.
I’m assuming the request is being made from the a non secure (http) page. (Or if it is from a secure page, then the domains are probably different.)
The request to your secure (https) resource is considered cross origin. For the GET/POST to be successful the origin and the target fully qualified domain names, must be exactly the same to comply with same origin security policies.
The OPTIONS request is essentially the HTTP handshake, or preflight that occurs between the client and the target resource to establish whether or not the client has permission to access the target resource from the origin.
Modern web browsers such as Safari and Firefox have implementations of the W3C Cross Origin Resource Sharing draft policy, so you will see the OPTIONS preflight communication when it fails – probably with some sort of security or network related JavaScript error. If the OPTIONS preflight is successful, the original GET/POST can occur.
I recommend reading up on: