You cannot make arbitrary requests outside of your domain from the client side using AJAX. See for example:
Connecting datapower and worklight client side
-
04-06-2022 - |
Question
Im trying to connect a worklight app with a datapower using $.ajax() from the client side using this code on the main js:
function authDP(username, password) {
$.ajax("http://192.168.44.201:2051/cotizador", {
success : function() {
var invocationData = {
adapter : "B2CAdapter",
procedure : "setUserIdentity",
parameters : [ username, password ]
};
myChallengeHandler.submitAdapterAuthentication(invocationData, {});
alert("Login correcto");
},
error : function(xhr, status, error) {
alert("Failed: " + status + " ; " + error);
},
headers : {
"Authorization" : "Basic "
+ Base64.encode(username + ":" + password)
}
});
}
but the chrome console returns this (on chrome):
OPTIONS http://192.168.44.201:2051/cotizador 401 (Unauthorized) wljq.js:8542
OPTIONS http://192.168.44.201:2051/cotizador Origin http://pc-ayi-0204:10080 is not allowed by Access-Control-Allow-Origin. wljq.js:8542
XMLHttpRequest cannot load http://192.168.44.201:2051/cotizador. Origin http://pc-ayi-0204:10080 is not allowed by Access-Control-Allow-Origin.
and this on firefox:
[11:55:22.272] OPTIONS http://192.168.44.201:2051/cotizador [HTTP/1.1 401 Unauthorized 38ms]
Is there something that im missing on the headers? Because in the firefox console/request/headers/ section i only see this:
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64; rv:22.0) Gecko/20100101 Firefox/22.0
Origin:http://pc-ayi-0204:10080
Host:192.168.44.201:2051
Connection:keep-alive
Access-Control-Request-Method:GET
Access-Control-Request-Headers:authorization
Accept-Language:es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding:gzip, deflate
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
and i dont see the Basic user:pass values, is this correct?
Solution
OTHER TIPS
I am trying to look into following piece of error
OPTIONS http://192.168.44.201:2051/cotizador 401 (Unauthorized) wljq.js:8542 OPTIONS http://192.168.44.201:2051/cotizador **Origin http://pc-ayi-0204:10080 is not allowed by Access-Control-Allow-Origin.** wljq.js:8542 XMLHttpRequest cannot load http://192.168.44.201:2051/cotizador. Origin http://pc-ayi-0204:10080 is not allowed by Access-Control-Allow-Origin.
I am not sure what construct you are calling on datapower [MPGW or Web service proxy] but whatever it is, it seems to have ACL applied on its Front Side Handler. That ACL defines IP addresses which are allowed to call the construct. I am not sure what is the exact use case in your scenario but to correct the problem you need to remove the ACL from the Datapower Front Side Handler object.
- Ajitabh