开发者

JavaScript OPTIONS cross-site data sending with Firefox

I'm having an issue with sending post data to the server when using Firefox. The server is running on Google App Engine.

Here is what I have in my JavaScript.

$.ajax({  
    url: 'http://someurl/example/myform.json',  
    type: 'post',  
    dataType: 'json',  
    data: {  
        'value.title': title,  
        'value.info.first': first,  
        'value.info.second': value  
    },
    success: function(data) {  
        alert("success");  
    },  
    error: function(object, status, error) {  
        alert("error");  
    }  
});

And on the server I have.

@RequestMapping(value = "/myform.json", method = RequestMethod.POST)  
public ResponseEntity<String> create(@ModelAttribute("data") @Valid final Data data,  
final BindingResult result, final HttpServletResponse resp,) {  
  //process Data
}

So far so good, this worked on IE and Chrome without a problem. But then I found out it doesn't work on Firefox and that is because the browser first sends an OPTIONS method before actually posting anything so I went on and made the following to my server.

@RequestMapping(value = "/form.json", method = RequestMethod.OPTIONS)  
public ResponseEntity<String> options(
  final HttpServletResponse resp) {  
    final HttpHeaders responseHeaders = new HttpHeaders();  
    responseHeaders.set("Access-Control-Allow-Origin", "*");  
    responseHeaders.set("Access-Control-Allow-Methods", "GET, POST, OPTIONS");  
    responseHeaders.set("Access-Control-Allow-Headers", "Content-Type");  
    responseHeaders.set("Access-Control-Max-Age", "86400");  
    return new ResponseEntity<String>("",responseHeaders,HttpStatus.OK);  
  }
)

The problem here is that this returns 500 and the log shows a warning with.

java.security.AccessControlException: access denied (java.lan开发者_开发知识库g.RuntimePermission accessDeclaredMembers)  
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:355)  
at java.security.AccessController.checkPermission(AccessController.java:567)  
at java.lang.SecurityManager.checkPermission(Unknown Source)  
at com.google.apphosting.runtime.security.CustomSecurityManager.checkPermission(CustomSecurityManager.java:45)  
at java.lang.SecurityManager.checkMemberAccess(Unknown Source)  
at java.lang.Class.checkMemberAccess(Unknown Source)  
at java.lang.Class.getDeclaredMethods(Unknown Source)

Any suggestions?


in your $.ajax call, you could try explicitly setting the contentType, i.e:

$.ajax({
    url: 'http://someurl/example/myform.json',
    type: 'post',
    dataType: 'json',
    contentType: 'application/json',
    data: {
        'value.title': title,
        'value.info.first': first,
        'value.info.second': value
    }, complete: function() {
        alert("done");
    }
});

i know that i always do this with x-site calls and have done for quite some time due to the type of issue that you describe (re OPTIONS needing to be collated 1st before the call is assembled on the server).

I'm sure this will get you a stage further, if not success..

jim

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜