Hi all,
We are developing a store web site, and we use CORS preflight (
http://www.w3.org/TR/cors/#resource-preflight-requests) technology to communicate with our API using HTTPS+SPDY.
To sum up what we are doing is sending a PUT request to our REST API, and this force the browser to send an OPTIONS request before the PUT request.
This is where we have an issue since the last avast update : this OPTIONS request seems to be discarded when the Avast Web agent is enabled.
The problem is this request is used by browser to check if the server is allowed to do the preflight request, so it make our PUT request fails.
We tested various solutions (chaning OPTIONS to return 200 OK instead of 204 No content, removing headers, etc) and just found a workaround by disabling SPDY, but we cannot disable SPDY on all out site just to fix this issue.
So it seems to be that avast is blocking or discarding HTTPS requests with OPTIONS and SPDY.
So in conclusion:
- The site is working when disabling the Web Agent.
- The site was working just fine with previous version of Avast.
- The site is working when disabling SPDY on our nginx server
- Only the OPTIONS request is discarded, all other requests are OK.
- No popup is displayed, we are not sure why the request is discarded.
Is someone has information about the lastest Avast update, is this a new feature ? Is there anyway to have more logs and have info why our request was discarded ?
Thanks
