I originally asked this on Stack Overflow, but it occurred to me this morning that it may be a question better suited for Server Fault...
I'm using AJAX to make CORS requests to an api, but seeing some really odd behavior: my click-tracking (pre-flight OPTIONS request) is always interrupted by IIS and returns 500 before the request is handed off to the application.
For comparison purposes, here's a side-by-side of a failing request (left) and a successful request (right) as seen in Firefox's request inspector (click through for full-size)...
Note that both of these requests are automatically generated pre-flight requests created by jQuery (1.8.3), hitting the same server, from the same page, just a few seconds apart. A plethora of other requests work fine, and continue to work fine after the failed OPTIONS request for /click. But every request for /click fails in this same way.
The pre-flight for /click fails because of the missing ACCESS-CONTROL-ALLOW-HEADERS response header; but if IIS allowed the application to respond to the request, it would be included and would respond with status 200 (just like the one on the right)...
I can't for the life of me figure out why IIS would be doing this.
I should note that the API has not always included the ACCESS-CONTROL-ALLOW-HEADERS response header. I only recently added that in, so it's possible that we're looking at the result of something stuck in a cache somewhere. That said, I've tried in both Firefox and Chrome, and done a "delete all saved everything to the beginning of time" in both, so in theory it shouldn't be cached, right?
I've also tried changing the URI to /click2 for testing purposes, after fixing the headers issue, so in theory it shouldn't be a caching issue for that URI, if it is for the other. However, the problem persists with this new URI, too.
Is there some extra logging I can turn on in IIS to find out what the problem is? Settings I should check? Some known issue? I'm at a complete loss, here...
