coffeLord February 2016

ajax error handling works not as expected with CORS

I've got another issue with CORS. I made a setup for ajax to handle some errors but the problem is now some are never triggered with cross domain requests.

I know it is not possible to catch preflights (timeouts) because they are fired by the browser, is it? But I thought it should be possible to catch an internal server error with the .e.g. GET after. The error handling works without CORS (turns out 500 is converted to 0)

my setup which is never called:

jQuery.ajaxSetup({
        statusCode: {

            500: function (data, textStatus, jqxhr) {

                if (data.status === 500) {
                    window.location.hash = "#error";
                }
            }
        }
    });

the GET request:

    jQuery.ajax({
        url: url,
        type:'GET',
        timeout:1000
    }).done (function (data, textStatus, jqXHR) {
        updateCookie (jqXHR);
        Logger.log("finished loading " + log);
        callback(data);

    }).fail (function (data, textStatus, jqXHR) {
        Logger.log("failure loading " + log);

    });

Anybody a hint for me how to get around that problem? Greetings

Update: Ok debugged again and found that the fail is called but instead 0f 500 -> status 0 is returned.


the GET request after successful preflight:

Host: localhost:8080
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:44.0) Gecko/20100101 Firefox/44.0
Accept: */*
Accept-Language: de,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
X-CSRF-TOKEN: 11258a06-36ea-4a21-a935-d215fcc92714
X-Requested-With: undefined
Origin: null
Connection: keep-alive

the response from the server as expected when trying to get a resource which was deleted:

Connection: close
Content-Language: en
Content-Type: text/html;charset=utf-8
Date: Mon, 08 Feb 2016 20:33:12 GMT
Server: Apache-Coyote/1.1
Transfer-Encoding: chunk        

Answers


apsillers February 2016

The CORS specification states under the Cross-Origin Request with Preflight section:

The following request rules are to be observed while making the preflight request:

...

If the response has an HTTP status code that is not in the 2xx range

  • Apply the network error steps.

If there is a network error

  • In case of DNS errors, TLS negotiation failure, or other type of network errors, apply the network error steps. Do not request any kind of end user interaction.

Therefore, a preflight that meets a 500 response or experiences a timeout (or any other network failure) triggers the specification's "network error steps." The network error steps are the same error steps used whenever there is a general CORS failure (e.g., wrong origin allowed, no CORS headers present at all, etc.):

Whenever the network error steps are applied, terminate the algorithm that invoked this set of steps and set the cross-origin request status to network error.

In the browser environment, a "network error" status corresponds to the status 0.

In order to prevent this from happening, the server must ensure that the preflight does not fail. Alternatively, change your request so that it is simple (i.e., uses only simple methods and headers) and therefore does not require a preflight.

Post Status

Asked in February 2016
Viewed 1,054 times
Voted 8
Answered 1 times

Search




Leave an answer