Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Setting authorization in native browser fetch

Tags:

javascript

browser

fetch-api

I'm coming across an issue where I can't seem to set the headers for a fetch request and I think I'm missing something

var init = {
        method: 'GET',
        headers: {
            'Accept': 'application/json',
            'Content-Type': 'application/json',
            'Authorization': 'Bearer myKey'
        }
    };
return fetch(url, init).then(function(response){...

When the request is inspected in the network tab, I'm not seeing the headers get set and instead see

Access-Control-Request-Headers:accept, authorization, content-type

when I would expect to see

Authorization: Bearer myKey
Content-Type: application/json
Accept: application/json

I've also tried using the native Headers() with zero difference.

Am I missing something here?

like image 884
mkalish Avatar asked Jan 07 '16 18:01

mkalish

People also ask

How do I pass authorization in Fetch?

You can pass HTTP headers to the fetch() request as the second parameter. For example, to pass the Bearer Token Authorization Header, call fetch() with the {headers: {Authentication: 'Bearer Token'}} parameter.

What does the fetch () method do?

The fetch() method in JavaScript is used to request to the server and load the information on the webpages. The request can be of any APIs that return the data of the format JSON or XML. This method returns a promise.

Does fetch get by default?

Fetch defaults to GET requests, but you can use all other types of requests, change the headers, and send data. Let's create a POST request. The method key will have the value 'POST' . body will be set equal to the JSON.

1 Answers

I was having the same issue and took a bit of investigating this evening. The problem is cross-origin resource sharing / CORS. With Fetch it is the default and it makes things considerably more complex.

Unless Both the origin and destination are the same it is a cross-domain request, and these are only supported if the request is to a destination that supports CORS ( Cross-Origin Resource Sharing ). If it does not then it will not go through. You'll usually see an error like No 'Access-Control-Allow-Origin' header is present on the requested resource

This is why you can not do Authorization headers on non-CORS sites; see #5 and basic headers

  • https://fetch.spec.whatwg.org/#concept-headers-guard
  • https://fetch.spec.whatwg.org/#simple-header

FORBIDDEN HEADER NAMES:

  • https://developer.mozilla.org/en-US/docs/Glossary/Forbidden_header_name
  • https://fetch.spec.whatwg.org/#forbidden-header-name

And unfortunately, before you try the XMLHttpRequest route, the same applies: This is the same with XMLHttpRequest:

  • https://www.w3.org/TR/XMLHttpRequest/#the-open()-method
  • https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest
  • http://arunranga.com/examples/access-control/credentialedRequest.html

Finally, your choices to move forward are: 1. JSONP 2. Write a proxy that is not in the browser 3. Put CORS on the destination server

This article sums it up nicely

like image 197
ehiller Avatar answered Oct 14 '22 23:10

ehiller
Sign in to Comment

Related questions

JavaScript - What is correct way for replace "\" charcter with "/" in RegExp
pdfkit does not load css and JavaScript
MutationObserver characterData usage without childList
PolymerJS: How to output Model data?
How does using specifically "[]" as a parameter work?
Markers do not appear on continuous world in Leaflet
What does the notation () => mean and how to use it? [duplicate]
Promises: is .done() executed always even if .catch() is?
Browserify DataTables
Is it possible to change the name of an object type in JavaScript?
How to fire an ajax request in Angular 2?
download HTML5 mp4 video using Javascript
ES6 classes don't work on Chrome 47
ngdoc documentation for controller
Chrome extension ajax sending malformed accented characters
Algorithm to build a pyramid with squares
Re-init Materialize.css select box after removal from Knockout.js options array
socket.io 'connect' or 'reconnect' event not fired after reconnect
Change Id & Class Inside a variable containing html code jquery
What are the benefits of using the co library with promises instead of with thunks?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!