MooTools CORS request vs native Javascript

Question

I have this MooTools code:

new Request.JSON({
  method: \'POST\',
  url: URL, /*URL TO ANOTHER DOMAIN*/
  onSuccess: function(r){
    callback(r);
  }
}).pos         


        

Answer 1

This is because MooTools bundles some extra stuff with the request headers.

eg. if your htaccess says:

Header set Access-Control-Allow-Origin: *

you need to craft your request like that:

var foo = new Request({
    url: 'http://fragged.org/Epitome/example/data/',
    method: 'get',
    onComplete: function (data) {
        // returns an object with name and surname  
        new Element('div[html="{name} {surname}"]'.substitute(JSON.decode(data))).inject(document.body);
    }
});

// need to remove that or CORS will need to match it specifically
delete foo.headers['X-Requested-With'];
foo.send();    

This is why you are only seeing the OPTIONS pre-flight. It does not like you :)

You could change the .htaccess to also match X-Requested-With, which is probably some extra "security".

See http://jsfiddle.net/7zUSu/1/ for a working example - I did that a while ago when I wanted to get this change to Request https://github.com/mootools/mootools-core/issues/2381 fixed.

Answer 2

What do you mean by (OPTIONS only)? Both examples sends POST request, only difference is in Accept request headers.

MooTools sends Accept: application/json, while native sends Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8.

This may affect how the server responds.