I’m trying to build a sample web page that uploads an observation and a picture. I use chrome to test it.
You can test it at https://joanma.uab.cat/projectes/RitmeNatura/captura/
To test it you only have to [Log in in iNaturalist], select a picture (a file) and press [Send a test observation]. Internally it executes some AJAX GET requests and an AJAX POST observations and a POST observation_photos. I creates an observation with a photo.
The problem is simple to describe:
- any GET request has no CORS issues and I’m able to read the json data that I get back. GREAT!.
- a POST request to observations.json is still considered a “simple request” and does not require a preflight OPERATIONS request so it is send and accepted by the server. Unfortunately I’m not able to read the json response but this is not big deal because if there is no mistake in the request I can assume it will create the observation (actually it does that) and wait for a bit an do a GET request to get back some data that confirms that the observation has been stored.
- a POST request that sends a “file” (the image) fails because Chrome believes a “preflight request” is necessary. DEAD END!.
I have tested the OPERATIONS request in Postman and I have demonstrated that the OPERATIONS responds ERRONEOUSLY that Access-Control-Allow-Methods is GET, OPTIONS only. I cannot manage to get a correct response saying that also POST, PUT and DELETE are supported. I have tried almost everything!.
This is very frustrating because I was almost ready to complete my task but I do not know how to overcome this issue without having to add my own server in between. I do not want to do this if it is possible.
I have hopes that it is not my mistake and that the responsible people taking care of the iNaturalist servers can fix this in their end following something similar to this instructions: https://enable-cors.org/server_nginx.html.
Thanks for your help.