0

Can anyone tell me why this request is failing to get past the SO policy restriction?

JS:

var blob = new Blob([req.response], {type: "application/octet-stream"});
req = new XMLHttpRequest();
req.open("POST", ws_path(other_context, 'receive_pkg'), true);
req.onload = function (evt) { alert(req.response); };
req.send(blob);

The called PHP page on the other domain:

header('Access-Control-Allow-Origin: *');
file_put_contents('log.txt', 'script accessed');

The request does go, and the log is written, but the browser blocks the response. I have another request to the same script that is NOT a blob, but a normal post request, and this responds just fine. The problem seems to be with just the blob request, and I've no idea why or whether what I'm doing is actually prohibited.

[Research effort: I got my hopes up when I found this question, but duplicate answers deal only with CORS in general, not blobs, as per the OP's question]

Improve this question

1 Answer 1

Reset to default
1

After a lot of digging and experimentation with this I found a workaround: namely, change the encoding from application/octet-stream to application/x-www-form-urlencoded.

With the former, the request is blocked, even though the web service called explicitly allows the caller domain for CORS. With the latter, the caller domain is allowed through.

However, this brings a new problem: data sent in this way, at least to a PHP web service, will likely exceed the max_input_vars stat.

This can be overcome by increasing it, via a .htaccess file, like so:

php_value max_input_vars 50000000
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

This article on MDN explains why. TL;DR: For non-standard encodings, you have to use a preflight CORS request, not a simple one. The biggest caveat is that you cannot do Access-Control-Allow-Origin: * with those
Aha so it's documented, and not a bug, then. Thanks for the tip.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.