Cross Domain Resource Sharing GET: 'refused to get unsafe header "etag"' from Response

javascript ajax rest cors web-applications

Solution 1:

Only simple response headers are exposed when using CORS. Simple response headers are defined here. ETag is not a simple response headers. If you want to expose non-simple headers, you need to set the Access-Control-Expose-Headers header, like so:

Access-Control-Expose-Headers: ETag

However, note that I've noticed bugs in Chrome, Safari and Firefox that prevent non-simple headers from being exposed correctly. This may be fixed by now, I'm not sure.

You shouldn't need to do a preflight request, since preflight is only required for non-GET/POST http methods or non-simple request headers (and you are asking about response headers).

Solution 2:

Have you ever tried AJAX 2.0 (Cross domain sharing) is a methodology fairly recently brought out by W3C: http://www.w3.org/TR/XMLHttpRequest2/#ref-cors

Also there is another way of doing this, which is called JSON-P, it's like a JSON request, but you can use it for cross-domains: http://en.wikipedia.org/wiki/JSONP

Both can be very dangerous to the site owners if not setup correctly though. So do be careful when using it.

[PS] Not sure if this will help : http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html

Related

How to include other files to the output directory in C# upon build?
How to get some values in json to display? [duplicate]
How to use #if inside #define in the C preprocessor?
"IN" clause limitation in Sql Server
Automation to add a LF and CR (EOL) to the end of multiple .csv files
Select entries between dates in doctrine 2
Capitalize a string
How to suppress a StyleCop warning?
Error: open failed: ENOENT (No such file or directory)
Does garbage collector call Dispose()? [duplicate]
Does a name attribute have to be unique in a HTML document?
Disable iOS8 Quicktype Keyboard programmatically on UITextView