Icon View Thread

The following is the text of the current message along with any replies.
Messages 1 to 5 of 5 total
Thread HTTP, want GET, not OPTIONS
Wed, Sep 28 2016 9:34 AMPermanent Link

erickengelke

Avatar

Hi,

I was working with the Shopify.com system and ran into a problem.

EWB always sends an HTTP OPTIONS command first when I specify GET.

begin
 t := 'ZmM2ZjY1MTI2MTc4MzkyYjMxNzhjZjNjYzlhNmM1YzQ6MmQ5YzI3YQ=';
 s := 'https://camp-taheehee.myshopify.com/admin/products.json?fields=id,title';

 servreq := TServerRequest.Create(Self);
 servreq.RequestHeaders.Add('Authorization: Basic '+t);
 servreq.OnComplete := GetStoreContentsCallback;
 servreq.Method := rmGet;
 servreq.URL := s;
 servreq.Execute;

An inspection from the F12 debug screen shows that an HTTP OPTIONS is sent first.  But shopify doesn't implement OPTIONS, so it returns a 404.  The same request with a GET would work, but the 404 stops it dead in its tracks.

A brief perusal of the source didn't turn up why this is true.  Any suggestions of how to get around it?

Thanks,
Erick
Wed, Sep 28 2016 10:08 AMPermanent Link

Walter Matte

Tactical Business Corporation

I came across this when writing my own server - but it is not EWB sending the OPTIONS - it is the Browser.  And different Browsers do it and other don't.

The Server has to handle this.

Walter
Wed, Sep 28 2016 10:30 AMPermanent Link

Matthew Jones

Walter Matte wrote:

> I came across this when writing my own server - but it is not EWB sending the OPTIONS - it is the Browser.  And different Browsers do it and other don't.
>
> The Server has to handle this.

More info at http://stackoverflow.com/questions/29954037/how-to-disable-options-request
Seems complicated.

--

Matthew Jones
Wed, Sep 28 2016 2:59 PMPermanent Link

Raul

Team Elevate Team Elevate

On 9/28/2016 9:34 AM, erickengelke wrote:
> EWB always sends an HTTP OPTIONS command first when I specify GET.

Chrome actually does for CORS.

>   servreq.RequestHeaders.Add('Authorization: Basic '+t);

Because of this - it's not one of standard headers so Chrome does a
pre-flight.

See:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS

Can auth be sent in any other way (part of URL for example) ?

This is a general JS problem so i assume Shopify should have an solution.

Raul
Wed, Sep 28 2016 9:25 PMPermanent Link

erickengelke

Avatar

Raul wrote:

On 9/28/2016 9:34 AM, erickengelke wrote:
> EWB always sends an HTTP OPTIONS command first when I specify GET.

> Chrome actually does for CORS.

Oh yes, of course.  I forgot because I solved CORS for my other sites by using mormot.

>   servreq.RequestHeaders.Add('Authorization: Basic '+t);

Can auth be sent in any other way (part of URL for example) ?
Yes, but I get URL errors when I do it that way   https://userid:password@shopify.com


> This is a general JS problem so i assume Shopify should have an solution.

I've seen solutions with JSONP, but I cringe at the hack-i-ness of that.  And it only works for GET, not POST.

I've contacted Shopify, because their solution to CORS introduces new problems.  They don't have a good guide for JavaScript yet.  My app ALMOST works... but not quite.

E
Image