tags:

views:

62

answers:

1
Q: 

JavaScript OPTIONS cross-site data sending with Firefox

I'm having an issue with sending post data to server when using Firefox. The server is running on Google App Engine.

Here is what I have in my javascript.

$.ajax({
url: 'http://someurl/example/myform.json',
type: 'post',
dataType: 'json',
data: {
'value.title': title,
'value.info.first': first,
'value.info.second': value
}, success: function(data) {
alert("success");
},
error: function(object, status, error) {
alert("error");
}
});

And on server I have.

@RequestMapping(value = "/myform.json", method = RequestMethod.POST)
public ResponseEntity<String> create(@ModelAttribute("data") @Valid final Data data,
final BindingResult result, final HttpServletResponse resp,) {
//process Data }

So far so good, this worked on IE and Chrome without a problem. But then I found out it doesn't work on Firefox and that is because the browser first sends an OPTIONS method before actually posting anything so I went on and made the following to my server.

@RequestMapping(value = "/form.json", method = RequestMethod.OPTIONS)
public ResponseEntity<String> options( final HttpServletResponse resp) {
final HttpHeaders responseHeaders = new HttpHeaders();
responseHeaders.set("Access-Control-Allow-Origin", "*");
responseHeaders.set("Access-Control-Allow-Methods", "GET, POST, OPTIONS");
responseHeaders.set("Access-Control-Allow-Headers", "Content-Type");
responseHeaders.set("Access-Control-Max-Age", "86400");
return new ResponseEntity<String>("",responseHeaders,HttpStatus.OK);
}

The problem here is that this returns 500 and the log shows a warning with.

`java.security.AccessControlException: access denied (java.lang.RuntimePermission accessDeclaredMembers)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:355)
at java.security.AccessController.checkPermission(AccessController.java:567)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at com.google.apphosting.runtime.security.CustomSecurityManager.checkPermission(CustomSecurityManager.java:45)
at java.lang.SecurityManager.checkMemberAccess(Unknown Source)
at java.lang.Class.checkMemberAccess(Unknown Source)
at java.lang.Class.getDeclaredMethods(Unknown Source)

`

Any suggestions?

A: 

in your $.ajax call, you could try explicitly setting the contentType, i.e:

$.ajax({
    url: 'http://someurl/example/myform.json',
    type: 'post',
    dataType: 'json',
    contentType: 'application/json',
    data: {
        'value.title': title,
        'value.info.first': first,
        'value.info.second': value
    }, complete: function() {
        alert("done");
    }
});

i know that i always do this with x-site calls and have done for quite some time due to the type of issue that you describe (re OPTIONS needing to be collated 1st before the call is assembled on the server).

I'm sure this will get you a stage further, if not success..

jim

jim  2010-07-21 09:04:51
Thanks for the quick answer. Unfortunately I couldn't get this to work and it actually made chrome start causing the 500 messages also. Puzzling to say the least...
 2010-07-21 09:28:41
hmm - not sure what that could be then. might be an idea to include the $.ajax error: function (i.e. error: function(request, status, error) {...})
jim  2010-07-21 10:59:01
After some testing it appears that even though server log and Tamper Data show the response coming back as 500 it goes to the success: function each time and the data returning is null.
 2010-07-21 11:45:13
user397147 - shouldn't you be using success: function(data) {...}, rather than complete: function() {...} ??.
jim  2010-07-21 12:03:16
Sorry, my bad I didn't update the code to reflect my changes, I changed the complete: to success: and error: and each time I ran the code it only returned the success function
 2010-07-21 12:09:56

related questions

Java Time Zone is messed up
Eclipse on win64
Automate builds for Java RCP for deployment with JNLP
Why are professors or schools picking Java over C++ to teach to students?
Is there a real benefit of using J#?
Public/Popular Websites using JavaServer Faces
Why can't I use a try block around my super() call?
Accessing post variables using Java Servlets
Personal Linux web server
Is this really widening vs autoboxing?
How can I Java webstart multiple, dependent, native libraries?
Why can't I call toString() on a Java primitive?
How do I use Java to read from a file that is actively being written?
What code analysis tools do you use for your Java projects?
IllegalArgumentException or NullPointerException for a null parameter?
How do I configure and communicate with a serial port?
What is the best way to parse strings in Java
Getting started with a custom JXTA PeerGroup
Creating a custom button in Java
How to get started "writing" a code coverage tool?
Which Build-/Configuration Management Tool?
What is the difference between an int and an Integer in Java/C#?
What is the meaning of the type safety warning in certain Java generics casts?
How would you access Object properties from within an object method?
Converting CSV File to XML in Java