I'm developing an Emberjs front-end that should use a django rest framework backend. I'm just starting out and working on the authentication using JWT/Javascript Web Tokens.
This is what I've done:
- On the backend (currently django's development server for obvious reasons) I'm allowing all origins (since ember-cli runs at localhost:4200 and django at :8000). I.e. the origin is being accepted.
- The serverTokenEndpoint is correctly set in Emberjs
- I can add manually the numeric headers on django to be accepted, but I don't want to unless I know why I should allow them.
The problem I see now is the following:
- On chrome, the preflight OPTIONS request to the backend includes a request to allow headers 0 to 9.
- On Firefox, the preflight OPTIONS request to the backend includes a request to allow headers 0 to 4.
These headers are not allowed by the backend and I could not find a source for this request nor what their meaning should/could be.
Again, this is part of the OPTIONS request from Firefox:
Access-Control-Request-Headers: 0,1,2,3,4,content-type
And this from Chrome:
Access-Control-Request-Headers: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, accept, content-type
My question: Why are these headers in the request? Where do they come from and what do they mean? And, ideally, how can I get rid of them?
Aucun commentaire:
Enregistrer un commentaire