Jdoe

Reputation: 1

API get cross domain issues - Cross-Origin Read Blocking (CORB)

I'm trying to use API to get information about a specific user based on user ID. I need to use basic auth and pass some headers with my call. I'm getting this:

Cross-Origin Read Blocking (CORB) blocked cross-origin response  "rest/user/getProfile?callback=jQuery224033348109431646855_1548684613983&userId=24068..." with MIME type text/plain.

My code:

$.ajax
  ({
    type: 'GET',
    crossDomain: true,
    async: false,
    url: 'example_URL_/api/user/getProfile',
    headers: {
      "Accept": "application/json",
      "Content-Type": "application/json",
    },
    beforeSend: function (xhr) { xhr.setRequestHeader("Authorization", "Basic ZHVubmVzYXBpskjoi43u5409543o9tI654kjhugjy"); },
    dataType: 'jsonp',
    data: { "Id": "1234" },
    success: function (data) {
      console.log(data);
    },
    error: function (xhr, status, error) {
      console.log(xhr);
      console.log(status);
      console.log(error);
    }
  });

Is there anything I'm missing?

Upvotes: 0

Views: 5132

Answers (2)

Mohammed El Banyaoui

Reputation: 527

In your API configure CORS to accept all domains, or enter the domain that you're using to send the request from.

If your API is created by PHP, here is an example:

<?php
 header("Access-Control-Allow-Origin: *");

Or if you are using a third party API, try to see the documentation. I'm sure there will be a part talking about CORS.

Upvotes: 1

Quentin

Reputation: 943634

You said:

dataType: 'jsonp',

… so jQuery makes a JSONP request (i.e. inserts a <script> element).

The browser makes a request to the URL and the server said:

Content-Type: text/plain

Since a plain text document is not a JavaScript program, the browser refused to execute it and threw a CORB error instead.

A JSONP response must be application/javascript, not text/plain.

You need to either:

  • Not make a request for JSONP
  • Change the server to respond with JSONP

Aside: Since you are using JSONP, the type, crossDomain, async, headers, and xhr.setRequestHeader properties have no effect.

Since you said you needed to set basic auth, that rules out option two. You can't use JSONP for this.

Upvotes: 1
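
Added example, not part of either answer or of the API in question: dropping JSONP for a normal cross-origin request means the Authorization header triggers a CORS preflight that the API has to answer. This sketch shows that server-side decision with an origin allowlist instead of `*`, plus matching client options; `corsDecision`, `profileRequestOptions` and `https://app.example.com` are hypothetical names.

```javascript
// Added example. The origin below is a constructed placeholder.
const ALLOWED_ORIGINS = new Set(['https://app.example.com']);

// Server side: decide the CORS headers for one request.
// `req` is { method, headers } with lower-cased header names (as in Node's http module).
function corsDecision(req, allowed = ALLOWED_ORIGINS) {
  const origin = req.headers['origin'];
  // Vary tells caches the response depends on the Origin request header.
  const headers = { 'Vary': 'Origin' };
  if (!origin || !allowed.has(origin)) {
    // No Access-Control-Allow-Origin: the browser will not expose the response.
    return { allowed: false, preflight: false, headers };
  }
  headers['Access-Control-Allow-Origin'] = origin;
  const preflight = req.method === 'OPTIONS' &&
    'access-control-request-method' in req.headers;
  if (preflight) {
    headers['Access-Control-Allow-Methods'] = 'GET';
    // Authorization has to be listed by name; a "*" here does not cover it.
    headers['Access-Control-Allow-Headers'] = 'Authorization';
    return { allowed: true, preflight: true, status: 204, headers };
  }
  // The actual response: JSON, served with a JSON MIME type.
  headers['Content-Type'] = 'application/json';
  return { allowed: true, preflight: false, status: 200, headers };
}

// Client side: options for fetch(url, options) in place of dataType: 'jsonp'.
function profileRequestOptions(user, password) {
  return {
    method: 'GET',
    mode: 'cors',
    headers: {
      'Accept': 'application/json',
      // btoa is available in browsers and in Node 16+.
      'Authorization': 'Basic ' + btoa(user + ':' + password),
    },
  };
}
```

Credentials embedded in page script are readable by anyone who loads the page, so a browser client normally sends a per-user token here rather than a shared API password.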
