Can't set a header using Cors and Ajax

Question

Hello I am trying to do a http request with Basic Auth, but I can't set the header authorization and it is allowed in server.

Ajax :

  $.ajax({  


        xhrFields: {  withCredentials: true  },
        beforeSend: function(xhr){xhr.setRequestHeader('authorization', 'Basic cmFmmFuQHBoaWlubm92YXRpb25zLmNv=');},
        url : 'http://www.vozi.dev.br/api/audio',           
        type: 'POST',
        data:  JSON.stringify(sender),
        dataType: 'json',
        contentType: 'application/json',
        success : function(data, textStatus, jqXHR) {   
                    //do something


        }

    });

Http Request Header:

Accept:*/*
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8,pt;q=0.6
Access-Control-Request-Headers:accept, authorization, content-type
Access-Control-Request-Method:POST
Connection:keep-alive
Host:www.vozi.dev.br
Origin:http://localhost:8080
Referer:http://localhost:8080/act_text.jsp
User-Agent:Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.57 Safari/537.36

Http Response Header:

Access-Control-Allow-Headers:accept, authorization, content-type
Access-Control-Allow-Methods:GET, POST, OPTIONS
Access-Control-Allow-Origin:*
cache-control:no-cache
Connection:Keep-Alive
Content-Type:text/html; charset=UTF-8
Date:Wed, 14 May 2014 20:15:53 GMT
Keep-Alive:timeout=5, max=100
Server:Apache/2.4.6 (Ubuntu)
Set-Cookie:PHPSESSID=k6gg748e47b2fv67; path=/
Transfer-Encoding:chunked
www-authenticate:Basic realm="Secured Area"
x-debug-token:5373cef9430fe
X-Powered-By:PHP/5.5.3-1ubuntu2

Error :

OPTIONS http://www.vozi.dev.br/api/audio 401 (A Token was not found in the   SecurityContext.) jquery.js:8706
OPTIONS http://www.vozi.dev.br/api/audio Invalid HTTP status code 401 jquery.js:8706
XMLHttpRequest cannot load http://www.vozi.dev.br/api/audio. Invalid HTTP status code 401

score 0 · Answer 1 · edited May 23 '17 at 12:13

0

I assume your having this issue with IE10 or IE11, This is not an issue with Chrome. IE doesn't send authorization headers with OPTIONS request, so on server side if you enable Windows integrated authentication, it does reject the OPTIONS request.

I have this workaround posted on another stackoverflow question

edited May 23 '17 at 12:13

Community

1
1

answered May 15 '14 at 13:58

Sathish Naga

1,358
2
10
18

1

Hello , thanks for replying, I'am using Chome and Firefox, both with the shame error. – rtrevizan May 15 '14 at 14:02
it worked for me in Chrome, not sure why it's not working for you!! – Sathish Naga May 15 '14 at 21:46
No browsers will send Authorization headers, or any other custom header, along with the preflight. Doing so would violate the CORS spec. You can read more about that here:http://www.w3.org/TR/cors/#preflight-request – Ray Nicholus May 16 '14 at 01:43

score 0 · Answer 2 · answered May 15 '14 at 20:40

0

I find out that i can't use

  Access-Control-Allow-Origin:*

if I am using

  withCredentials: true

Is necessary to set the origin.

answered May 15 '14 at 20:40

rtrevizan

1
1
1

yes, I have a the filter for Options request, it get the origin from the request and add to response, `var origin = httpReq.Headers.Get("Origin"); httpRes.AddHeader(HttpHeaders.AllowOrigin, origin);` – Sathish Naga May 15 '14 at 21:44

Can't set a header using Cors and Ajax

2 Answers2

Linked