Support Forums - View Thread

View Thread

The following is the text of the current message along with any replies.

Messages 1 to 5 of 5 total

Wed, Sep 28 2016 9:34 AM	Permanent Link
erickengelke	Hi, I was working with the Shopify.com system and ran into a problem. EWB always sends an HTTP OPTIONS command first when I specify GET. begin t := 'ZmM2ZjY1MTI2MTc4MzkyYjMxNzhjZjNjYzlhNmM1YzQ6MmQ5YzI3YQ='; s := 'https://camp-taheehee.myshopify.com/admin/products.json?fields=id,title'; servreq := TServerRequest.Create(Self); servreq.RequestHeaders.Add('Authorization: Basic '+t); servreq.OnComplete := GetStoreContentsCallback; servreq.Method := rmGet; servreq.URL := s; servreq.Execute; An inspection from the F12 debug screen shows that an HTTP OPTIONS is sent first. But shopify doesn't implement OPTIONS, so it returns a 404. The same request with a GET would work, but the 404 stops it dead in its tracks. A brief perusal of the source didn't turn up why this is true. Any suggestions of how to get around it? Thanks, Erick
Wed, Sep 28 2016 10:08 AM	Permanent Link
Walter Matte Tactical Business Corporation	I came across this when writing my own server - but it is not EWB sending the OPTIONS - it is the Browser. And different Browsers do it and other don't. The Server has to handle this. Walter
Wed, Sep 28 2016 10:30 AM	Permanent Link
Matthew Jones	Walter Matte wrote: > I came across this when writing my own server - but it is not EWB sending the OPTIONS - it is the Browser. And different Browsers do it and other don't. > > The Server has to handle this. More info at http://stackoverflow.com/questions/29954037/how-to-disable-options-request Seems complicated. -- Matthew Jones
Wed, Sep 28 2016 2:59 PM	Permanent Link
Raul Team Elevate	On 9/28/2016 9:34 AM, erickengelke wrote: > EWB always sends an HTTP OPTIONS command first when I specify GET. Chrome actually does for CORS. > servreq.RequestHeaders.Add('Authorization: Basic '+t); Because of this - it's not one of standard headers so Chrome does a pre-flight. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS Can auth be sent in any other way (part of URL for example) ? This is a general JS problem so i assume Shopify should have an solution. Raul
Wed, Sep 28 2016 9:25 PM	Permanent Link
erickengelke	Raul wrote: On 9/28/2016 9:34 AM, erickengelke wrote: > EWB always sends an HTTP OPTIONS command first when I specify GET. > Chrome actually does for CORS. Oh yes, of course. I forgot because I solved CORS for my other sites by using mormot. > servreq.RequestHeaders.Add('Authorization: Basic '+t); Can auth be sent in any other way (part of URL for example) ? Yes, but I get URL errors when I do it that way https://userid:password@shopify.com > This is a general JS problem so i assume Shopify should have an solution. I've seen solutions with JSONP, but I cringe at the hack-i-ness of that. And it only works for GET, not POST. I've contacted Shopify, because their solution to CORS introduces new problems. They don't have a good guide for JavaScript yet. My app ALMOST works... but not quite. E