This is a bit of a follow-up post to my Refused to set unsafe header post. A question I was asked was about how to do something with CORS in Chrome, and my immediate findings were that it is impossible. As of recently I looked back into it and have come across a couple possible solution.
The first possible solution is to make sure to send the proper headers, as Chrome will take into account what the server says is allowed. For this, you can set the access control headers however you want. For the example, I will show the php version I found.
This will allow you to set the various headers you would need for a CORS request. Another possibility is by using a content type that the control isn't strictly enforced. With that, it seems by setting the Content-Type to plain/text, it should go through without a problem.
I personally haven't tried either of these because I have yet to have a use for it with what I do, however I wanted to share this bit of information should anyone be curious and happen across here.
The first possible solution is to make sure to send the proper headers, as Chrome will take into account what the server says is allowed. For this, you can set the access control headers however you want. For the example, I will show the php version I found.
header("Access-Control-Allow-Origin: *"); header("Access-Control-Allow-Credentials: true "); header("Access-Control-Allow-Methods: OPTIONS, GET, POST"); header("Access-Control-Allow-Headers: Content-Type, Depth, User-Agent, X-File-Size, X-Requested-With, If-Modified-Since, X-File-Name, Cache-Control");
This will allow you to set the various headers you would need for a CORS request. Another possibility is by using a content type that the control isn't strictly enforced. With that, it seems by setting the Content-Type to plain/text, it should go through without a problem.
I personally haven't tried either of these because I have yet to have a use for it with what I do, however I wanted to share this bit of information should anyone be curious and happen across here.