javascript - why would akamai change browser security behavior? -



javascript - why would akamai change browser security behavior? -

in 1 environment have x-domain jquery ajax request method get. nil fancy.

jquery.ajax({ type: 'get', url: url, contenttype:'text/plain', xhrfields: { withcredentials: true }, success: function(data){ //stuffff } });

works fine when served tomcat or apache. stays get, not preflighted options

get https://qa.example.com http/1.1 host: somehost.example.com connection: keep-alive cache-control: no-cache pragma: no-cache accept: */* origin: http://example.com user-agent: mozilla/5.0 (windows nt 6.1; wow64) applewebkit/537.36 (khtml, gecko) chrome/36.0.1985.125 safari/537.36 content-type: text/plain dnt: 1 referer: http://example.com accept-encoding: gzip,deflate,sdch accept-language: en-us,en;q=0.8,sr;q=0.6 cookie: jsessionid=xxx

but when static files hosted on akamai (in different environment), request gets preflighted options using same exact js.

options https://stage.example.com http/1.1 accept: */* origin: https://someorigin.example.com access-control-request-method: access-control-request-headers: content-type, take accept-encoding: gzip, deflate user-agent: mozilla/4.0 (compatible; msie 7.0; windows nt 6.1; wow64; trident/7.0; slcc2; .net clr 2.0.50727; .net clr 3.5.30729; .net clr 3.0.30729; media center pc 6.0; .net4.0c; .net4.0e; infopath.3) host: test-me.example.com content-length: 0 connection: keep-alive cache-control: no-cache

what on earth create browser treat x-domain request's security differently because hosted on cdn? (we custom dns akamai files, if coming our domain). also, note server in situation not allowing options , don't have access, should not matter simple gets without data, per these rules:

simple requests requests meet next criteria: • http method matches (case-sensitive) 1 of:  head   post • http headers matches (case-insensitive):  take  accept-language  content-language  last-event-id  content-type, if value 1 of: • application/x-www-form-urlencoded • multipart/form-data • text/plain

this happens regardless of browser, chrome, ie, ff simple requests.

javascript jquery google-chrome xmlhttprequest cors

Comments

Post a Comment

Popular posts from this blog

Delphi change the assembly code of a running process -

Delphi change the assembly code of a running process - i'm trying alter address 00741fa5 has push test.009e721c . alter push test.009e71c8 . procedure callback; asm force $9e71c8 end; procedure tform2.btn1click(sender: tobject); var ppid :dword; pprocess : cardinal; begin getwindowthreadprocessid(findwindow(nil,pchar('test')), @ppid); pprocess := openprocess(process_all_access, false, ppid); injectasm(pprocess, $741fa5, 10, integer(@callback), 0); end; here injectasm function (with error checking) function injectasm(process: longword; injectaddress, injectsize, codeaddress, codesize : integer): pointer; var csize, rsize : integer; replaced : array of byte; jmp : array [0..4] of byte; jmpaddress : integer; nopv : byte; : integer; nbr: ulong_ptr; begin //injectsize must equal or greater 5, because need space our //(far) jmp wwxxyyzz instruction //if there's no space, inject in place of few instructions if injectsize ...
Read more

json - Hibernate and Jackson (java.lang.IllegalStateException: Cannot call sendError() after the response has been committed) -

json - Hibernate and Jackson (java.lang.IllegalStateException: Cannot call sendError() after the response has been committed) - hello have problem hibernate , jackson. have 2 pojos @entity @table(name = "users") public class user implements serializable { static final long serialversionuid = 4235637833262722256l; @id @generatedvalue private int id; @column(name = "creation_date") private date creationdate; @column(name = "first_name") private string firstname; @column(name = "last_name") private string lastname; @version @column(name = "version") private int version; @column(name = "e_mail") private string email; @column(name = "enabled") private boolean enabled; @column(name = "login") private string login; @column(name = "password") private string password; @jsonmanagedreference("role") @onetomany(mappedby = "user", cascade = cascadetype.all,fetch = fetchtyp...
Read more

C++ 11 "class" keyword -

C++ 11 "class" keyword - i've started using c++ 11 little bit more , have few questions on special uses of class keyword. know it's used declare class, there's 2 instances have seen don't understand: method<class t>(); and class class_name *var; why precede typename keyword class in first example, , keyword pointer in sec example? that known elaborated type specifier , necessary when class name "shadowed" or "hidden" , need explicit. class t { }; // love of god don't t t; t t2; if compiler smart, give these warnings: main.cpp:15:5: error: must utilize 'class' tag refer type 't' in scope t t2; ^ class main.cpp:14:7: note: class 't' hidden non-type declaration of 't' here t t; ^ if class not defined, deed forwards declaration. for example: template <typename t> void method() { using type = typename t::value_type; } method...
Read more