![]() I really enjoyed learning about this mechanism better through this article. However, the OPTIONS method contains no body parameters within and since the original API without params is returning a text/html content (the web server error page) the OPTIONS method was also returning the same, mistakenly thinking that this API does not accept a JSON request □ Well it's an obvious bug on the backend but probably they didn't care because it was an internal API and it was working fine with correct parameters. I figured if I send a normal POST request to the API without the required body parameters, the endpoint will throw an error which is not properly handled! Turned out that the value of the content-type here is text/html and that's why browser wouldn't push through with the actual POST method, however with a normal client it's acceptable.īut we originally mentioned that most of the frameworks would handle this out of the box, so why here Flask is giving us wrong content-type? It's sort of a tricky situation. I used the -headers in HTTPie to only receive the header of the request. I tried to send a normal OPTIONS request to the endpoint to check the rules. As far as I know, only requests that are meant to be sent to a different origin and are not a form content-type are preflighted (excluding GET and HEADER methods). It's important to mention that, not all requests would preflight. The response it retrieves determine if the actual request is allowed to be sent or not. This mechanism works by sending an OPTIONS HTTP method with Access-Control-Request-Method and Access-Control-Request-Headers in the header to notify the server about the type of request it wants to send. Afterall, why would a request be sent when the target host is not willing to receive it anyway? what's going on?Ī preflight request, is a mechanism in CORS by the browser to check if the resource destination is willing to accept the real request or not. The response headers from this call has a content-type of 'text/html' which is the reason for all this evil here. Okay let's take a closer look, there are two things to consider here:Īs you can see, the POST method is never sent and only a method called OPTIONS is sent to the endpoint. I asked for a screenshot and this is how it was looking like in the browser: You can either put them in the configuration file, or in the test file with e().Enter fullscreen mode Exit fullscreen mode ![]() While at it, we'll also set the baseURL to simplify the tests. GitHub API requires authorization, so we'll configure the token once for all tests.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |