Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

XMLHttpRequest based CORS call with Basic Auth fails in Firefox and Chrome

Tags:

jquery

xmlhttprequest

Need to make a REST GET call with Basic Auth from a javascript (in www.domain1.com). REST API is in domain2.com. REST API returns with the CORS specific HTTP headers. I need to support IE, Chrome and Firefox. Below JavaScript explains the issue further –

  1. Without Basic Auth (WORKS in IE 10, Chrome and Firefox, taking care of Older IEs by XDomainRequest object)

    var xhr = new XMLHttpRequest();
xhr.open(method, url, true);

  2. With Basic Auth (WORKS in IE 10 only, Fails in Chrome and Firefox)

    var xhr = new XMLHttpRequest();
xhr.open(method, url, true, username, password);

  3. With Basic Auth (Fails in Chrome and Firefox)

    var xhr = new XMLHttpRequest();
xhr.open(method, url, true);
xhr.setRequestHeader("Authorization", "Basic " + btoa(username + ":" + password));
xhr. withCredentials = “true”;

  4. With Basic Auth (Fails in Chrome and Firefox)

    $.ajax({
type: 'GET',
url: jsonp_url,
dataType: "json",
username: username,
password: pwd,
beforeSend: function (xhr) {xhr.withCredentials = true; },
success: function (result) { },
error: function (xhr, ajaxOptions, thrownError) {
}

    I would love to get a solution here that works in Chrome and FireFox with Basic Auth

like image 406
Andy T Avatar asked Oct 07 '13 21:10

Andy T

1 Answers

It got resolved. Noticed that the browser makes this cross domain calls with Authentication in 2 steps - a preflight call before the actual request. The nature of this preflight call is different in IE and [Chrome + Firefox]. IE makes a HTTP GET preflight call and it comes back with 401 and then it sends the authentication details in the actual request. But, Chrome and Firefox take much safer approach by making a HTTP OPTIONS call to check what all things the web server supports as CORS (Which domains are allowed / whether supports GET / POST etc) and the next call goes with the actual HTTP GET request with authentication.

Unfortunately, the API side was coded in such way that it was authenticating each Http call. That’s why even the HTTP OPTIONS call was also coming back with 401. [chrome + Firefox] were throwing exception right after the preflight call.

In the API side, modified the code not to return 401 in case of OPTIONS calls and it started working.

like image 52
Andy T Avatar answered Sep 25 '22 03:09

Andy T
Sign in to Comment

Related questions

<object> created by function called from $(document).ready not rendered
Usage of .js.erb for Ajax in Rails 3 (jquery .js vs .js.erb)
Asmx web service returning xml instead of json, Trying to remove <string xmlns="http://tempuri.org/"> from service output
Unable to bind to click event on Leaflet popup
jquery ajax / django - present form in a bootstrap modal and re-show if validation was not successful
Automatically call jQuery functions on new dom elements
Does the jQuery $(window).load(); event not fire on pages without a <!DOCTYPE> declaration? (...in a chrome extension content script)
use the css3 transform-origin to center and zoom
How to get attribute info from a JQuery UI menu select event
Masonry stack from bottom up
mediaelement.js changeSkin
Detect and remove URLs from textarea
Read and base64 encode a binary file
Loading a page via Ajax into Div Best Practice?
Preventing double-click bug with checkbox + label combination
Exclamation mark doesn't work in trigger() when using event namespace in jQuery 1.9
Entering values into a jquery-select2 that are not in the select list
How could I parse through this JSON object in JQuery? [duplicate]
Hiding Bootstrap Popover on Click Outside Popover
How can I map a tag to an ID value with TagIt for jQuery?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!