M
Michael Jacobs
Guest
Sorry John, thought you were working against an OpenEdge REST service. The OPTIONS verb is used by a REST client during a CORS preflight request. When a REST client determines that it is being asked to access a RESTful resource in a domain different from where the current page originated from, it interrupts the request and initiates a CORS preflight request. You basically have no control over the client's CORS support. The client initiated preflight request uses the OPTIONS verb to send a set of client request information to the server, which then compares that formation with its CORS configuration to determine whether the client should be granted access or not. The server returns a success if the request is granted along with a description of what the client may and may not do. The client uses the server's response to know whether to discontinue the original request or to continue its execution. For example: if your client issues a POST and you see in the server log the OPTIONS request, you know that the client initiated the CORS preflight request. If the OPTIONS request is not followed by the POST, you can probably assume the server denied the CORS request and try to find out why from the server's logs. If you see your POST request following the OPTIONS, you can assume the CORS preflight was granted and your client has access. When the client is granted access you can see in the OPTIONS response which verbs and headers the client can use. Perhaps this brief description of a CORS protected server resource will help in your IIS debugging. Luck!
Continue reading...
Continue reading...