How can I add headers to the OPTIONS request made towards a cross-domain API?
The API I'm working against requires a JWT token set as the Authorization header on all requests.
When I try to access the API, Angular first performs an OPTIONS request that doesn't care about the headers that I set up for the "real" request, like this:
    this._headers = new Headers({
        'Content-Type': 'application/x-www-form-urlencoded',
        'Authorization': 'Bearer my-token-here'
    });

    return this._http
        .post(AppConfig.apiUrl + 'auth/logout', params, {headers: this._headers})
        ... ...
When no token is provided, the API returns HTTP status 401 and Angular thinks the OPTIONS request fails.
According to the CORS specification, when a preflight request is performed, user credentials are excluded.
(...) using the method OPTIONS, and with the following additional constraints:
- (...)
- Exclude the author request headers.
- Exclude user credentials.
- (...)
(emphasis is mine)
With this in mind, the problem seems to be on the API side of things, which should be accepting OPTIONS requests without requiring authentication.
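A sketch of the server-side behaviour the answer describes, added here as an example and not taken from the question, the answer or any particular API: the preflight is answered before the authentication check, while every other request still needs a valid bearer token. The `handle` function, the request shape, the allow-lists and the `verifyToken` callback are all assumptions made for illustration.

```javascript
// Constructed allow-lists for this sketch; a real API would load its own.
const ALLOWED_ORIGINS = new Set(['https://app.example.com']);
const ALLOWED_METHODS = ['GET', 'POST', 'OPTIONS'];
const ALLOWED_HEADERS = ['authorization', 'content-type'];

function corsHeaders(origin) {
  // Echo only allow-listed origins; never reflect an arbitrary Origin value.
  if (!ALLOWED_ORIGINS.has(origin)) return {};
  return { 'Access-Control-Allow-Origin': origin, 'Vary': 'Origin' };
}

// req: { method, headers } with lower-cased header names (assumed shape).
// verifyToken: hypothetical callback that validates the JWT, returns true/false.
function handle(req, verifyToken) {
  const origin = req.headers['origin'];
  const cors = corsHeaders(origin);
  const wantMethod = req.headers['access-control-request-method'];
  const isPreflight =
    req.method === 'OPTIONS' && origin !== undefined && wantMethod !== undefined;

  if (isPreflight) {
    // Answered before any auth check: the browser sends no credentials here.
    const wanted = (req.headers['access-control-request-headers'] || '')
      .split(',').map((h) => h.trim().toLowerCase()).filter(Boolean);
    const permitted =
      'Access-Control-Allow-Origin' in cors &&
      ALLOWED_METHODS.includes(wantMethod) &&
      wanted.every((h) => ALLOWED_HEADERS.includes(h));
    if (!permitted) return { status: 403, headers: {} };
    return {
      status: 204,
      headers: {
        ...cors,
        'Access-Control-Allow-Methods': ALLOWED_METHODS.join(', '),
        'Access-Control-Allow-Headers': ALLOWED_HEADERS.join(', '),
        'Access-Control-Max-Age': '600',
      },
    };
  }

  // Every non-preflight request still requires a valid bearer token.
  const match = /^Bearer (.+)$/.exec(req.headers['authorization'] || '');
  if (!match || !verifyToken(match[1])) {
    // Keep the CORS headers so the calling script can read the 401 status.
    return { status: 401, headers: { ...cors, 'WWW-Authenticate': 'Bearer' } };
  }
  return { status: 200, headers: cors };
}
```

The preflight response carries only CORS metadata, so exempting it from authentication exposes no protected data; the 401 path is unchanged for the actual POST.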