Why is ExtJS sending an OPTIONS request to the same domain?

K.. picture K.. · Sep 4, 2012 · Viewed 7.3k times · Source

I'm loading my script on a domain and sending some data with POST and the use of Ext.Ajax.request() to that same domain.

Somehow the dev-tools show me, that there is a failed OPTIONS request.

Request URL : myurl-internal.com:8090/some/rest/api.php

Request Headers
  Access-Control-Request-Headers : origin, x-requested-with, content-type
  Access-Control-Request-Method  : POST
  Origin                         : http://myurl-internal.com:8090

It's both HTTP and not HTTPS. Same port, same host ... I don't know why it's doing this. The server can't handle such stuff and so the request fails and the whole system stops working.

Answer

Brian Moeskau picture Brian Moeskau · Sep 27, 2012

It's not really specific to Ext JS -- see these related threads across other frameworks. It's the server properly enforcing the CORS standard:

for HTTP request methods that can cause side-effects on user data (in particular, for HTTP methods other than GET, or for POST usage with certain MIME types), the specification mandates that browsers “preflight” the request, soliciting supported methods from the server with an HTTP OPTIONS request header, and then, upon “approval” from the server, sending the actual request with the actual HTTP request method.

If you're going to use CORS, you need to be able to either properly handle or ignore these requests on the server. Ext JS itself doesn't care about the OPTIONS requests -- you'll receive the responses as expected, but unless you do something with them they'll just be ignored (assuming the server actually allows whatever you're trying to do).

If you are NOT intending to use CORS (which sounds like you aren't purposefully going cross-domain) then you need to figure out why the server thinks the originating domain is different (I'm not sure about that). You could also bypass CORS altogether by using JsonP (via Ext's JsonP proxy).