/*set the response header*/
Form responseHeaders = (Form) getResponse().getAttributes().get("org.restlet.http.headers");
if (responseHeaders == null) {
responseHeaders = new Form();
responseHeaders.add("Access-Control-Allow-Origin", "*");
responseHeaders.add("Access-Control-Allow-Methods", "POST, GET, PUT, DELETE");
getResponse().getAttributes().put("org.restlet.http.headers", responseHeaders);
}
I added this in my restlet 2.0 code to allow for cross domain access, this does make the first GET to work on page load, but when I try to do POST later(with backbone model.save()), browser sends Options with a null entity instead.
It does send the right POST if I did not add the code above
This happens on Opera, Firefox, and Chrome (works fine if I start chrome with –disable-web-security), so i assume it is still a browser security issue, could anyone provide explanations on why this would happen and what might be the fix?
From What is the HTTP OPTIONS method?
I have fought several times with CORS issues and I have always solved them with the method of try and error my suggestion for your case is add
OPTIONSto your Allow Methods :And make your server to respond to
OPTIONSrequest with an*, in Sinatra is like this:Update
For the new issue explained in the comment about the error
header field Content-Type is not allowed by Access-Control-Allow-Headers.Try to add another CORS header: