I’m doing a cross origin request using XMLHttpRequest level2.
The problem is if the server returns an error code, like 409, the browser doesn’t allow me to access the response text that the server is returning.
So if the server returns 409 with the message: “you are not allowed to do that again”,
I only get the 409 on the client side, but the xhr.responseText is empty…
Is this a part of the specification, or am I missing a header or something?
To add to what monsur said, the spec is not entirely clear on this particular use case, but if you take a look at section 7.3, “Dealing with the Cross-Origin Request Status”, it instructs implementors to “ensure not to reveal any further information about the request” for various errors. Although this may seem over-conservative, you could also argue that this is a good/secure best practice. See: http://www.w3.org/TR/cors/#cors-api-specification-response
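The check discussed in this thread, as an added example that is not part of the original posts: a simplified model of the CORS resource sharing check, which looks only at the response headers and never at the status code, so a 409 body is exposed or withheld on the same terms as a 200. The function names and the `https://app.example` origin are constructed for illustration.

```javascript
// Added example: simplified model of the resource sharing check a browser
// runs before exposing a cross-origin response to XMLHttpRequest.
// corsCheck/exposeToXhr and the sample origin are constructed names.

// Case-insensitive header lookup on a plain object.
function getHeader(headers, name) {
  const key = Object.keys(headers).find(k => k.toLowerCase() === name.toLowerCase());
  return key === undefined ? null : headers[key];
}

// Returns true when the response may be shared with `origin`.
// The HTTP status code is deliberately not consulted.
function corsCheck(response, origin, withCredentials) {
  const allowOrigin = getHeader(response.headers, 'Access-Control-Allow-Origin');
  if (allowOrigin === null) return false;                    // header missing
  if (!withCredentials && allowOrigin === '*') return true;  // wildcard, no credentials
  if (allowOrigin !== origin) return false;                  // must match exactly
  if (!withCredentials) return true;
  // Credentialed requests additionally need Allow-Credentials: true.
  return getHeader(response.headers, 'Access-Control-Allow-Credentials') === 'true';
}

// What script sees: the real status and body, or a network error
// that reveals nothing further (status 0, empty responseText).
function exposeToXhr(response, origin, withCredentials = false) {
  if (!corsCheck(response, origin, withCredentials)) {
    return { status: 0, responseText: '' };
  }
  return { status: response.status, responseText: response.body };
}

// Constructed sample responses: the same 409 with different headers.
const ORIGIN = 'https://app.example';
const body = 'you are not allowed to do that again';
const bare409 = { status: 409, headers: {}, body };
const cors409 = { status: 409, headers: { 'access-control-allow-origin': ORIGIN }, body };
const star409 = { status: 409, headers: { 'Access-Control-Allow-Origin': '*' }, body };

console.log(exposeToXhr(bare409, ORIGIN));        // withheld: no CORS header on the error
console.log(exposeToXhr(cors409, ORIGIN));        // exposed: header present on the 409
console.log(exposeToXhr(star409, ORIGIN, true));  // withheld: wildcard with credentials
```

A common server-side cause of the first case is an error handler that builds the 409 response without passing through the code that adds the CORS headers to successful responses.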