So I've got a bookmarklet which executes JavaScript on other websites, which I want to trigger a 403 Authentication Required header once the Cache button on it is clicked. That way, a prompt will come up asking them to log in.

The problem is that I'm not meant to provide an authentication header with the ajax request I am making, whilst having Access-Control-Allow-Origin: set to any domain with the * value. I'm supposed to explicitly define which domain I want to allow a 403 Authentication header to appear on, but I can't.

Here's my code.

.htaccess

    header set Access-Control-Allow-Origin: *
    #header set Access-Control-Allow-Methods: GET, POST, PUT, DELETE
    header set Access-Control-Allow-Headers: Authorization

jQuery

    $.ajax({
        headers: {
            "Authorization": "Basic TVNF3TQtU1BGMjAx6C12bVxzbW4ydHBvaW50OlF3Z5J0eSEyM6Q1"
        },
        type: "GET",
        url: 'http://desbest.uk.to/clickrobot/favicon.png', // image for testing
        crossDomain: true,
        xhrFields: {
            withCredentials: true
        },
        //contentType: "application/json; charset=utf-8",
        //dataType: "json",
        success: function(data) {
            alert('ok!');
            //formatData(format_type,data);
        },
        error: function(jqXHR, textStatus, errorThrown) {
            alert(textStatus + ' / ' + errorThrown);
        }
    });

The error I get:

    Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.

I've seen the Diigo bookmarklet do it, so it is possible, but how? Is it possible at all?
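
The browser rule behind the error quoted above, as an added example that is not part of the original post: a request sent with `withCredentials: true` is only accepted when the response names the requesting origin exactly and sets `Access-Control-Allow-Credentials: true`, so the server has to pick the header value per request from an allowlist. The function names and the allowlist entries are hypothetical.

```javascript
// Added example, not the poster's code. Allowlist entries are placeholders.
const ALLOWED_ORIGINS = new Set([
  "https://app.example.com",
  "https://tools.example.org",
]);

// Server side: choose CORS response headers for one request.
function corsHeadersFor(requestOrigin, allowCredentials) {
  const headers = {};
  if (!allowCredentials) {
    // Without credentials, browsers accept the wildcard.
    headers["Access-Control-Allow-Origin"] = "*";
    return headers;
  }
  // With credentials the wildcard is rejected, so echo the Origin header
  // only when it exactly matches an allowlist entry.
  if (typeof requestOrigin !== "string" || !ALLOWED_ORIGINS.has(requestOrigin)) {
    return headers; // no CORS headers: the browser blocks the response
  }
  headers["Access-Control-Allow-Origin"] = requestOrigin;
  headers["Access-Control-Allow-Credentials"] = "true";
  headers["Access-Control-Allow-Headers"] = "Authorization";
  // Stop shared caches from replaying one origin's headers to another.
  headers["Vary"] = "Origin";
  return headers;
}

// Client side: the check a browser applies to the response of a request
// that was sent with withCredentials: true.
function browserAcceptsCredentialed(requestOrigin, headers) {
  const acao = headers["Access-Control-Allow-Origin"];
  if (acao === "*") return false; // the error quoted in the post
  return acao === requestOrigin &&
    headers["Access-Control-Allow-Credentials"] === "true";
}
```

Echoing whatever `Origin` arrives without the allowlist check would let any site read authenticated responses, which is the case the wildcard ban exists to prevent.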