Reputation: 3132
jQuery not sending Authorization header
For some reason, this code is not sending the Authorization header. Why is that? Are there alternatives?
$.ajax({
type: "POST",
data: JSON.stringify(q),
url: "https://elasticsearchinstance" + "/index/_search",
contentType: 'application/json',
crossDomain: true,
dataType: 'json',
processData: false,
headers: {
"Authorization": "Basic " + btoa("username:password")
},
success: searchCallback
});
401 Unauthorized
If I manually edit the request in Fiddler to add the Authorization header, I get HTTP 200.
Edit - including this also does not help:
beforeSend: function (xhr) {
xhr.setRequestHeader ("Authorization", "Basic " +btoa("username:password"));
},
Edit - username and password also have no effect:
username: "username",
password: "password"
Upvotes: 0
Views: 917
Answers (2)
Reputation: 3132
Ah - turns out my ElasticSearch instance had CORS disabled. As I understand it, Chrome insists on sending an OPTIONS request to see if cross-domain POST is allowed before sending the POST itself in order to protect the security of the browser user.
By manually modifying the request and adding the Authorization header in Fiddler, I was able to skip that. (Due to the browser's insistence on OPTIONS, no website would arbitrarily have the ability to do that via javascript, which is why I couldn't get the header added).
Upvotes: 1
Related Questions
- Jquery Ajax not sending headers
- Request header values not send? CORS - jQuery Ajax
- jQuery.ajax doesn't send Authorization header with OPTIONS request
- Why my server ignores the authentication headers from an ajax request?
- ajax jquery cross domain call does not send authorization header
- CORS error with Jquery Ajax call when header is set
- Cannot get Ajax CORS request in jquery to work
- AJAX request failing even though CORS headers are present
- Ajax Authorization Header has not been sent
- Not able to access authorization required resource with jquery's ajax