0

i am using HTTP Basic Auth on my Webserver. Now i want to call a PHP Script via jQuery. Without Basic Auth it works fine but with Basic Auth activated the Browser shows a login prompt. For me it seems like the Auth Parameters were not transmitted correctly?! Any ideas?

Here my js:

    var username = [USER];
var password = [PASSWORD];
$.ajax
({
  type: "GET",
  url: "[URL]/[Script].php?callback=?",
  dataType: 'json',
  headers: {
    "Authorization": "Basic " + btoa(username +":"+ password)
  },
  success: function(result){
    alert('Yeah!');
  },
  error: function(er){
    alert('error!' +er);
  }
});

edit, but also dont work :/

    $.ajax
({
  type: "GET",
  url: "[URL]/[Script].php?callback=?",
  dataType: 'json',
  async: false,
  xhrFields: {
    withCredentials: true
  },
  beforeSend: function (xhr) {
    xhr.setRequestHeader ("Authorization", "Basic " + btoa(username + ":" + password));
  },
  success: function(result){
    alert("YEY");
  },
  error: function(er){
    alert('error!' +er);
  }
});

No Auth: http://fs5.directupload.net/images/161220/izy9yqdh.jpg

correct Auth: http://fs5.directupload.net/images/161220/nkh6ybts.jpg

direct php call: http://fs5.directupload.net/images/161220/xvo4rry9.jpg

Lukas
  • 420
  • 2
  • 13
  • are you 1000% sure you're doing ajax? – madalinivascu Dec 20 '16 at 07:27
  • 3
    Possible duplicate of [How to use Basic Auth with jQuery and AJAX?](http://stackoverflow.com/questions/5507234/how-to-use-basic-auth-with-jquery-and-ajax) – ADyson Dec 20 '16 at 09:45
  • seems like the same question, yes ... But there is no fix for this issue right? – Lukas Dec 20 '16 at 10:12
  • @Lukas err...What makes you say that? the fix is in the accepted answer to the duplicate question I linked to. You need to construct your `$.get` request in the same way. – ADyson Dec 20 '16 at 10:56
  • i updated my code in my first post, but no succeed :( everytime i open the website my js included i get a prompt with username and password to enter – Lukas Dec 20 '16 at 11:06
  • is this a cross-domain request? If not, then remove the `xhrFields: { withCredentials: true },`. Shouldn't be required for same-origin requests, and possibly it might interfere with the headers somehow. Oh, and obviously have you tried opening the PHP script directly in your browser and entering the same username/password? Does it work then? (i.e. narrow the problem down to your script, and not the server or your credentials). – ADyson Dec 20 '16 at 11:21
  • Lastly look in your browser's network tab and see if you think it's constructing the request properly, and what response you are getting back - do you get a 401 challenge? – ADyson Dec 20 '16 at 11:22
  • Yep, it's a cross-domain request. When i try to open the php script via browser i get a 401. After inserting username and password i get the right response – Lukas Dec 20 '16 at 11:27
  • ok so examine the network tab of your successful request and compare the request structure to the unsuccessful one made by your ajax call. – ADyson Dec 20 '16 at 14:02
  • I added two screenshots to my first post. First one shows the network tab without authentication (login prompt in firefox just closed) and the second one with correct login informations (login prompt filled out correct). I can see that the last line is missing, the Authorization informations ... so it seems like they were not transmitted correctly right? – Lukas Dec 20 '16 at 15:16
  • no i meant compare when you give authorization when you open the page directly, vs when you give authorization when you request via ajax. In theory both should pass the credentials, but maybe the structure is different/incorrect for the ajax version. – ADyson Dec 20 '16 at 15:20
  • ah ok. I posted the network tab of calling the PHP Script directly :) – Lukas Dec 20 '16 at 16:05

0 Answers0