Ok, It looks like I made a mistake with my initial question. So, here are some corrections. The answer still applies, because the second redirect is stopped when there is a change in protocol to HTTPS (SSL).
In my case, I have a redirect occurring multiple times, and the browser doesn't follow the second redirect. The first redirect is followed but returns an error.
I keep reading that JavaScript AJAX responses containing redirects are followed automatically, but it look like not in my case. The first redirect is automatically followed by the browser, and the first redirect is returned without following the second redirect in the header. My problem is that I want all the redirects to be automatically followed by the browser.
The redirects are part of the phpCAS library. I have an API written in PHP which checks the user authentication, each time, before returning the results.
Here is the sequence. The main thing to note is that the browser returns the second response, after following 1 redirect. I would prefer it went all the way and returned the last response when I make an AJAX call to localhost/example/api
.
localhost/example
localhost/example/api
using jQuery.ajax()Response 1: localhost/example/api
https://localhost/accounts/cas/login?service=api.example.com&gateway=true
(using SSL).Response 2: (SSL) localhost/accounts/cas/login?service=api.example.com&gateway=true
Response 3: localhost/api?ticket=TICKET
Response 4: localhost/api
There's no particular reason I'm using CAS over OpenID or OpenAuth(orization). CAS was just the first authentication module I was able to get working in WordPress. I am open to suggestions in terms of using a different authentication library, CMS, framework, etc. Although, my hope is to just get this project finished. So the less re-tooling the better.
As you later found yourself as you added in your comments, ajax requests are subject to same origin policy.
Yes, you could use JSONP - however, if you are fortunate enough to have to support only IE8 and upwards, CORS might be a better solution.
Basically, adding headers such as
access-control-allow-origin: http://api.example.com
access-control-allow-credentials: true
to your server answer, you could work around cross origin policy.
Also see this jQuery ticket to make it kinda work with jQuery.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With