Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

jQuery.Ajax "Access to restricted URI denied" explanation?

Tags:

json

jquery

ajax

cors

I'm investigating cross-domain usage of a .NET WCF Domain Service from a local (file:// access) html app. The app is using jQuery for AJAX calls.

Without authentication (i.e. with anonymous authentication) on the server I have successfully retrieved data in JSON format with the CORS "Access-Control-Allow-Origin: *" header in place and in JSONP format without the header.

Now I'm trying to understand the behaviour when authentication and the CORS header is in place with JSON (not JSONP) format data.

The following jQuery code will send a request to the server, which in turn responds with "HTTP/1.1 401 Unauthorized".

$.ajax({
    url: myUrl,
    dataType: 'json',
    cache: false,
    complete: function () { /* do stuff */ },
    timeout: 5000,
    data: myData
});

The following jQuery code does not make a request to the server and immediately throws an exception "Access to restricted URI denied", code 1012.

$.ajax({
    url: myUrl,
    dataType: 'json',
    cache: false,
    complete: function () { /* do stuff */ },
    timeout: 5000,
    username: "chris",
    password: "password",
    data: myData
});

I understand and expect the first case. Can anyone explain to me the exception in the second case? I would have expected the request to be made at least.

Edit: Grrr, this is in FF 10.0.2. Chrome seems to act as I expect, so is this a FF issue?

like image 627
Chris Avatar asked Feb 28 '12 09:02

Chris

Video Answer

1 Answers

If you use credentials such as cookies or HTTP basic auth username/password fields in your cross-origin request, you need to also set the "withCredentials" flag on the XHR to true. In jQuery, this is done with the xhrFields property on the $.ajax call. Change your code to read

$.ajax({
    url: myUrl,
    dataType: 'json',
    cache: false,
    complete: function () { /* do stuff */ },
    timeout: 5000,
    username: "chris",
    password: "password",
    data: myData,
    xhrFields: { withCredentials: true }
});

Also, the server on the other end can't use "*" for the Access-Control-Allow-Origin header with credentials. It instead has to provide an exact match for the Origin header sent to it.

like image 120
Ben Combee Avatar answered Sep 19 '22 13:09

Ben Combee
Sign in to Comment

Related questions

How can I keep MVC JQuery Ajax POSTs DRY?
Reverse Ajax with JSF?
Populate table contents from PHP array using AJAX
Updating DOM via Javascript causing memory leaks (only in Firefox?)
CouchDB real-time Ajax push update
Select content within a variable instead of within the current DOM with jQuery?
How can I distinguish between requests made from RenderAction and via AJAX?
(poor man's )product recommendation implementation
Making Update Progress Panel in the center
jQuery/AJAX call with a timer
Learn jQuery and AJAX for Rails
how to use jmeter with ajax request
Ajax + back & forward buttons
Asp.net MVC FileContentResult - prevent opening in browser
How can I hide #! on browser address bar?
How to draw HTML5 Canvas lines given user input of X,Y points?
Bind events to dynamically added elements
buttons with no href, onclick etc
How does Twitter display my profile instantly?
Sending JSON object successfully to ASP.NET WebMethod, using jQuery

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!