CORS error with Jquery Ajax call when header is set

StackOverflow https://stackoverflow.com/questions/23616647

  •  21-07-2023
  •  | 
  •  

Pregunta

the following code works just fine:

$.ajax({
  type: 'POST',
  url: baseUrl+"/users",                                                 
  data: data,
});

However, if I add an Authorization header:

$.ajax({
  type: 'POST',
  url: baseUrl+"/users",
  data: data,                                            
  headers: {
    Authorization: clientAuth,                                           
  },
});

Then I get the following error:

XMLHttpRequest cannot load http://0.0.0.0:8080/users. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://0.0.0.0:9000' is therefore not allowed access. (this is in chrome, but I get a similar error in firefox).

What is weird is that my server is configured to handle CORS, Access-Control-Allow-Origin IS set! Look at the OPTIONS request/response:

In case it helps, here is the CURL for both requests:

enter image description here

options:

curl 'http://0.0.0.0:8080/users' -X OPTIONS -H 'Access-Control-Request-Method: POST' -H 'Origin: http://0.0.0.0:9000' -H 'Accept-Encoding: gzip,deflate,sdch' -H 'Accept-Language: en-US,en;q=0.8' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/34.0.1847.116 Chrome/34.0.1847.116 Safari/537.36' -H 'Accept: */*' -H 'Referer: http://0.0.0.0:9000/' -H 'Connection: keep-alive' -H 'Access-Control-Request-Headers: accept, authorization, content-type' --compressed

post:

curl 'http://0.0.0.0:8080/users' -H 'Accept: */*' -H 'Referer: http://0.0.0.0:9000/' -H 'Origin: http://0.0.0.0:9000' -H 'Authorization: YXBwRnJldGlzdGE6cGFzc3dvcmQ=' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/34.0.1847.116 Chrome/34.0.1847.116 Safari/537.36' -H 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' --data 'grant_type=bearer&username=vitor%40freta.la&password=123456' --compressed

Why am I getting this error? I can't even tell if the problem is client or server-side, because I am sending all the headers needed for CORS requests! Any help will be appreciated! Thanks!

¿Fue útil?

Solución

Try to add Basic before you clientAtuh:

'Authorization: YXBwRnJldGlzdGE6cGFzc3dvcmQ='

Becomes:

'Authorization: Basic YXBwRnJldGlzdGE6cGFzc3dvcmQ='

Licenciado bajo: CC-BY-SA con atribución
No afiliado a StackOverflow
scroll top