Question

I am working on an AngularJS application and trying to integrate Spring Security 3 - OpenID for the application.

Each time the login request goes to the OpenID server and I provide the credentials, I get a response code 0 instead of the return URL of OpenID.

Here is the code snippet:

    scope.$on('event:loginRequest', function(event, openid) {
        if (scope.loginTry < 1) {
            scope.loginTry = 1;
        }

        // Form-encode the OpenID identifier for the Spring Security OpenID check
        var payload = $.param({openid_identifier: openid});

        var config = {
            headers: {'Content-Type': 'application/x-www-form-urlencoded; charset=UTF-8'}
        };

        // Sent as an XHR; this is the request that comes back with status 0
        $http.post('j_spring_openid_security_check', payload, config).success(function(data, textStatus, jqXHR, dataType) {
            //alert('success');
        });
    });

Please guide me on what I should do to get the proper response URL from the server, and why the server always returns response status 0 (same-origin policy).


Solution

You are sending a simple HTTP request to your OpenID authenticator (Google, Yahoo, MyOpenID, Facebook, etc.), which in return provides you with its page to enter your credentials or to choose from your logged-in accounts (in case multiple accounts are logged in). As soon as you enter your credentials or select an account to log in, the request is redirected as an HTTPS request to the OpenID authenticator, and that authenticator will authenticate you and return your unique OpenID return URL.

In your case, a simple HTTP request (http, your-website.com, 80) was raised from your AngularJS application, which was then redirected to a secure HTTPS request (https, your-website.com, 443) to the authenticator. This turns out to be a "same origin policy" issue, and you see a response code 0.

To solve this, you should either use an HTTPS POST request from your AngularJS application (if it allows you to) or use a simple JSP form rather than an ng-form. Your HTTPS POST request will then be redirected to the authenticator's HTTPS request, and you will receive your OpenID return URL.

For details on the policy please visit same origin policy
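
The origin comparison described in the answer, as an added example that is not part of the original post: it computes the (scheme, host, port) tuple for each URL in a redirect chain and reports the first hop that leaves the page's origin. All function names and the sample URLs are assumptions constructed for illustration.

```javascript
// Added example (not from the original post); all names are hypothetical.
const DEFAULT_PORTS = { 'http:': '80', 'https:': '443' };

// The (scheme, host, port) tuple the browser compares, in the answer's notation.
function originTuple(url) {
  const u = new URL(url);
  // URL.port is '' when the port is the scheme's default, so fill it in.
  const port = u.port || DEFAULT_PORTS[u.protocol] || '';
  return [u.protocol.replace(':', ''), u.hostname, port];
}

// Two URLs share an origin only if all three tuple parts match.
function sameOrigin(a, b) {
  const x = originTuple(a);
  const y = originTuple(b);
  return x.every((part, i) => part === y[i]);
}

// Walk the URLs an XHR would visit (the request plus each redirect) and
// return the first one outside the page's origin, or null if none is.
function firstCrossOriginHop(pageUrl, chain) {
  for (const hop of chain) {
    const absolute = new URL(hop, pageUrl).href; // resolve relative URLs
    if (!sameOrigin(pageUrl, absolute)) return absolute;
  }
  return null;
}

// 'xhr' only when every hop stays on the page's origin; otherwise 'form',
// meaning a plain form POST (top-level navigation), as the answer suggests.
function loginTransport(pageUrl, chain) {
  return firstCrossOriginHop(pageUrl, chain) === null ? 'xhr' : 'form';
}

// Constructed sample: an HTTP page whose login POST is redirected to HTTPS.
const PAGE = 'http://your-website.com/app/index.html';
const CHAIN = [
  'j_spring_openid_security_check',
  'https://your-website.com/openid/login',
];

console.log(originTuple(PAGE).join(', '));
console.log(firstCrossOriginHop(PAGE, CHAIN));
console.log(loginTransport(PAGE, CHAIN));
```
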

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow