Chapter 3
We can see two requests (OPTIONS and DELETE) targeting the same URL:
The response from the MongoLab server includes headers that make the final
DELETE request possible:
The MongoLab servers are well configured to send appropriate headers in response
to the CORS request. If your server is not properly configured the OPTIONS request
will fail and the target request won't be executed.
Don't be surprised upon seeing OPTIONS requests; this is just the
CORS handshake mechanism at work. Failing OPTIONS requests
most probably indicate that a server is not well configured.
Server-side proxies
JSONP is not an ideal technique for making cross-origin requests. The CORS
specification makes the situation better, but it still requires additional configuration
on the server side and a browser that supports the standard.
If you cannot use CORS or JSONP techniques, then there is always the option of
avoiding cross-domain request issues altogether. We can achieve this by configuring
a local server as a proxy to a foreign one. By applying a correct server configuration
we can proxy cross-domain requests through our server, and thus have the browser
target only our servers. This technique works on all browsers, and doesn't require
pre-flight OPTIONS request. Also, it doesn't expose us to any additional security risks.
The downside of this approach is that we need to configure the server accordingly.