0

Failing to submit the username/password using JavaScript but with general web-browser's, while using direct url in address bar it works by inserting the username password manually in the popup.

How to fix it?

<script>
function make_base_auth(user,password) {
  var tok = user + ':' + password;
  var hash = btoa(tok);
  return "Basic " + hash;
} // ends

$(document).ready(function() {  
  $.ajax({
    type: "GET",
    url: "http://www.example.be/a/b/c?id=9990",
    dataType: 'xml',
    async: false,
    data: '',
    beforeSend: function(xhr)
    {
      xhr.setRequestHeader('Authorization', make_base_auth("user1", "1234"));
    },
    success: function (data, textStatus, jqXHR){
      console.log(data, textStatus, jqXHR);
    }
  });  
});
</script>

ERROR from server:

enter image description here

  • Are you even making the GET request? Or is it failing on the preflight OPTIONS request? – Quentin Jun 21 '16 at 06:58
  • I am always getting 1) "Response for preflight has invalid HTTP status code 401" 2) response header says: Access-Control-Allow-Methods:GET, POST, DELETE, PUT 2) Requested header says: Access-Control-Request-Method:GET –  Jun 21 '16 at 07:00
  • So the server isn't configured to allow you to make the cross-origin ajax request. You need to change the server so it gives you permission to make the request. – Quentin Jun 21 '16 at 07:02
  • Sir, that means i cant use Ajax, i have to use Linux Bash curl tools? because from Linux command line while using curl it works. But it never worked when i used Javascript Ajax methods. (Server cant be changed because its Government API, they wont modify it for me) –  Jun 21 '16 at 07:06
  • Sir, why it works when i use my same PC `curl -v "http://www.test.com/a/b/c?id=1234" -u user1 -LK -XGET;` or Google chrome with address bar? but from same PC with Ajax not `https://www.myserver.com/test` ? –  Jun 21 '16 at 07:12
  • http://stackoverflow.com/questions/35553500/xmlhttprequest-cannot-load-https-www-website-com/35553666#35553666 discusses the Same Origin Policy and CORS in more general terms than the duplicate question (which focuses on preflight requests) and covers why making requests from other people's browsers is different from making a request yourself. – Quentin Jun 21 '16 at 08:48

1 Answers1

-1

Provide headers: authorization, cache control in headers: 

var settings = {
  "async": true,
  "crossDomain": true,
  "url": "http://www.example.be/a/b/c?id=9990",
  "method": "GET",
  "headers": {
    "authorization": make_base_auth(user,password),
    "cache-control": "no-cache"
  }
}

function make_base_auth(user,password) {
  var tok = user + ':' + password;
  var hash = btoa(tok);
  return "Basic " + hash;
} // ends


$.ajax(settings).done(function (response) {
  console.log(response);
});
Deepak Sharma
  • 1,027
  • 10
  • 21
  • Sir , i am getting "Response for preflight has invalid HTTP status code 401" still failing not working like before. –  Jun 21 '16 at 06:59
  • The OP is already putting the authorisation in the headers, it is just using a less nice syntax. Why would adding a cache-control header help? – Quentin Jun 21 '16 at 07:03