Monday, June 3, 2024
Homepage · jquery
 Popular · Latest · Hot · Upcoming
100
rated 0 times [  101] [ 1]  / answers: 1 / hits: 17659  / 12 Years ago, fri, july 13, 2012, 12:00:00

Let's say, I have a Tornado web server (localhost) and a web page (othermachine.com), and the latter contains javascript that needs to make cross-domain ajax calls to the Tornado server.



So I set up my Tornado as such:



class BaseHandler(tornado.web.RequestHandler):

    def set_default_headers(self):

        self.set_header(Access-Control-Allow-Origin, http://www.othermachine.com)

        self.set_header(Access-Control-Allow-Credentials, true)

        self.set_header(Access-Control-Allow-Methods, GET,PUT,POST,DELETE,OPTIONS)

        self.set_header(Access-Control-Allow-Headers,

            Content-Type, Depth, User-Agent, X-File-Size, X-Requested-With, X-Requested-By, If-Modified-Since, X-File-Name, Cache-Control)


And my javascript makes a jQuery call:



$.ajax({

    type: 'GET',

    url: http://localhost:8899/load/space,

    data: { src: dH8b },

    success: function(resp){

        console.log(ajax response: +resp);

    },

    dataType: 'json',

    beforeSend: function ( xhr ) {

        xhr.setRequestHeader('Content-Type', 'text/plain');

        xhr.setRequestHeader('Access-Control-Request-Method', 'GET');

        xhr.setRequestHeader('Access-Control-Request-Headers', 'X-Requested-With');

        xhr.withCredentials = true;

    }

});


But I get the lovely XMLHttpRequest cannot load http://localhost:8899/load/space?src=dH8b. Origin http://www.othermachine.com is not allowed by Access-Control-Allow-Origin error. I can't tell which side of jQuery / Tornado (or both?) am I not setting up correctly.



According to dev tools, these are the headers the jQuery request is sending:



Request Headers



Accept:*/*

Origin:http://www.othermachine.com

Referer:http://www.othermachine.com/athletes.html?src=BCYQ&msgid=6xjb

User-Agent:Mozilla/5.0 ...


If I simply make a request from my browser's url field I get a '200 OK' with this:



Response Headers



Access-Control-Allow-Credentials:true

Access-Control-Allow-Headers:Content-Type, User-Agent, X-Requested-With, X-Requested-By, Cache-Control

Access-Control-Allow-Methods:GET,POST

Access-Control-Allow-Origin:http://www.othermachine.com

Content-Length:0

Content-Type:text/html; charset=UTF-8

Server:TornadoServer/2.2.1


Does that mean Tornado is doing its job? I tried to follow the advice of all the stackoverflow CORS+jQuery posts (e.g. this), to no avail. CORS in concept seems simple enough, but maybe I am fundamentally misunderstanding what is supposed to happen in a CORS transaction... please help! Thanks in advance.


More From » jquery
 Answers
38

Nevermind, coding too late and too long causes one to trip over things the size of typos. For the record, this is all you need for jQuery:



var data = { msgid: dH8b },

    url = http://localhost:8899/load + '?' + $.param(data);

$.getJSON( url, function(resp){

    console.log(ajax response: +resp+ json=+JSON.stringify(resp));

});


And this is all you need for Tornado:



class BaseHandler(tornado.web.RequestHandler):

    def set_default_headers(self):

        self.set_header(Access-Control-Allow-Origin, http://www.othermachine.com)


Using jQuery 1.7.2, Tornado 2.2.1.


[#84285] Thursday, July 12, 2012, 12 Years  [reply] [flag answer]
Only authorized users can answer the question. Please sign in first, or register a free account.
terrellhunterm
Add To Favorites
Follow
Total Points: 82
Total Questions: 109
Total Answers: 98
Location: Vietnam
Member since Sun, Oct 18, 2020
4 Years ago
terrellhunterm questions
Mon, Aug 31, 20, 00:00, 4 Years ago
Fri, Mar 20, 20, 00:00, 4 Years ago
Mon, Aug 5, 19, 00:00, 5 Years ago
Thu, Apr 4, 19, 00:00, 5 Years ago
Mon, Mar 11, 19, 00:00, 5 Years ago
View All
;