Reputation: 161
After spending many hours on Google and Stack Overflow without any feeling of progress, I'm asking for help to get a cross-domain AJAX request working.
I have jQuery on the client side with a custom configuration for basic authentication:
//configuration AJAX
$(document).ajaxSend(function(e, xhr, options) {
    xhr.withCredentials = true;
    xhr.setRequestHeader("Authorization", "Basic dGVzdEB0ZXN0LmZyOmF6ZXJ0eQ==");
});
//a request
$.get("http://domainA.com/api");
On my server, Apache is configured to respond with special CORS headers:
Header always set Access-Control-Allow-Origin "http://domainB.com"
Header always set Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
Header always set Access-Control-Request-Headers "Authorization, X-Requested-With, Content-Type, Accept, Origin"
Header always set Access-Control-Max-Age "86400"
Header always set Access-Control-Allow-Credentials "true"
So, when the request is sent, AJAX makes a preflight request:
OPTIONS /api HTTP/1.1
Host: domainA.com
User-Agent: useragent
Accept-Language: fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Origin: domainB.com
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization
Connection: keep-alive
And my server responds with:
HTTP/1.1 200 OK
Date: Fri, 09 Aug 2013 15:58:38 GMT
Server: Apache
Access-Control-Allow-Origin: http://domainB.com
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Request-Headers: authorization, X-Requested-With, Content-Type, Accept, Origin
Access-Control-Max-Age: 86400
Access-Control-Allow-Credentials: true
Content-Length: 489
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
And the AJAX request stops without doing the real request. The returned code is 0. I can't find what the problem is in my configuration, as any Access-Control-Request has its response. Thank you for your help.
Upvotes: 1
Views: 3063
Reputation: 175
Maybe you should try this? It works fine on my Apache server:
Header always set Access-Control-Allow-Headers "Authorization, X-Requested-With, Content-Type, Accept, Origin"
Use Access-Control-Allow-Headers instead of Access-Control-Request-Headers.
Upvotes: 1
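To see why the preflight in the question is rejected and why the answer's change fixes it, here is an added example (not code from the question or the answer) that models the browser's checks on a preflight response in simplified form. The helper name `checkPreflight` is hypothetical, and the sample input assumes the browser sent the full origin `http://domainB.com` and that credentials mode was on.

```javascript
// Added example: simplified model of the checks a browser applies to a CORS
// preflight response. checkPreflight is a hypothetical helper, not a full
// implementation of the Fetch specification.
function parseList(value) {
  return (value || "").split(",").map(s => s.trim().toLowerCase()).filter(Boolean);
}

// req: { origin, method, requestHeaders, credentials }; resHeaders: header map.
function checkPreflight(req, resHeaders) {
  const res = {};
  for (const [k, v] of Object.entries(resHeaders)) res[k.toLowerCase()] = v;
  const problems = [];

  const allowOrigin = res["access-control-allow-origin"];
  const originOk = allowOrigin === req.origin || (allowOrigin === "*" && !req.credentials);
  if (!originOk) problems.push("origin not allowed: " + req.origin);

  if (req.credentials && res["access-control-allow-credentials"] !== "true")
    problems.push("credentials not allowed");

  const method = req.method.toLowerCase();
  const methods = parseList(res["access-control-allow-methods"]);
  const methodOk = ["get", "head", "post"].includes(method) || methods.includes(method) ||
    (methods.includes("*") && !req.credentials);
  if (!methodOk) problems.push("method not allowed: " + req.method);

  // Only Access-Control-Allow-Headers counts here. "*" never covers Authorization.
  const allowed = parseList(res["access-control-allow-headers"]);
  const wildcard = allowed.includes("*") && !req.credentials;
  for (const h of parseList(req.requestHeaders)) {
    if (!allowed.includes(h) && !(wildcard && h !== "authorization"))
      problems.push("header not allowed: " + h);
  }
  return { ok: problems.length === 0, problems };
}

// Constructed from the exchange in the question (Origin assumed to carry the scheme).
const preflight = { origin: "http://domainB.com", method: "GET",
  requestHeaders: "authorization", credentials: true };
const common = {
  "Access-Control-Allow-Origin": "http://domainB.com",
  "Access-Control-Allow-Methods": "GET, POST, PUT, DELETE, OPTIONS",
  "Access-Control-Allow-Credentials": "true",
};
const list = "Authorization, X-Requested-With, Content-Type, Accept, Origin";
const asConfigured = { ...common, "Access-Control-Request-Headers": list };
const asAnswered = { ...common, "Access-Control-Allow-Headers": list };

console.log(checkPreflight(preflight, asConfigured));
console.log(checkPreflight(preflight, asAnswered));
```

The same approach works as a regression check against a live server: capture the OPTIONS response headers and pass them in as `resHeaders`.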