科技改变生活-雨落星辰 - 所有的伟大,都源于一个勇敢的开始

    最新消息:雨落星辰是一个专注网站SEO优化、网站SEO诊断、搜索引擎研究、网络营销推广、网站策划运营及站长类的自媒体原创博客
    你的位置: 首页>programmer>javascript - jQuery.ajax doesn't send Authorization header with OPTIONS request - Stack Overflow

    javascript - jQuery.ajax doesn't send Authorization header with OPTIONS request - Stack Overflow

    programmeradmin3浏览0评论

    It appears that jQuery doesn't send along the Authorization header when sending an OPTIONS request before a POST request (or possibly other types). The server I'm trying to reach is returning a 401 status for the OPTIONS request - how can I force jQuery to include the Authorization header, even in this initial request?

    $.ajax({
    type: "POST",
    url: url,
    data: postData,
    beforeSend: function ajaxBeforeSend(jqXHR) {
        jqXHR.withCredentials = true;
        jqXHR.setRequestHeader("Authorization", "Basic " + btoa(encodeURIComponent(escape($username.val())) + ":" + encodeURIComponent(escape($password.val()))));
    },
    success: runReportUrlCallback,
    error: runReportErrorCallback
});

    I also tried adding username and password to the ajax options, to no avail.

    It appears that jQuery doesn't send along the Authorization header when sending an OPTIONS request before a POST request (or possibly other types). The server I'm trying to reach is returning a 401 status for the OPTIONS request - how can I force jQuery to include the Authorization header, even in this initial request?

    $.ajax({
    type: "POST",
    url: url,
    data: postData,
    beforeSend: function ajaxBeforeSend(jqXHR) {
        jqXHR.withCredentials = true;
        jqXHR.setRequestHeader("Authorization", "Basic " + btoa(encodeURIComponent(escape($username.val())) + ":" + encodeURIComponent(escape($password.val()))));
    },
    success: runReportUrlCallback,
    error: runReportErrorCallback
});

    I also tried adding username and password to the ajax options, to no avail.

    • javascript
    • jquery
    • ajax
    • cors
    Share Improve this question asked Feb 23, 2015 at 5:17 Josh M.Josh M. 27.8k27 gold badges131 silver badges222 bronze badges 3
    • possible duplicate of Why does the preflight OPTIONS request of an authenticated CORS request work in Chrome but not Firefox? – suish Commented Feb 23, 2015 at 5:48
    • Seems like make the server not requiring auth on OPTIONS request is the only way to fix it. – suish Commented Feb 23, 2015 at 5:49
    • I don't "own" the server. It's a 3rd party web service. – Josh M. Commented Feb 23, 2015 at 5:52
    Add a ment  | 

    1 Answer 1

    Reset to default 5

    It seems that the 3rd party server has been configured incorrectly without the OPTIONS request in mind.

    W3 states that preflight OPTIONS request must:

    Exclude user credentials.

    User credentials are defined:

    The term user credentials for the purposes of this specification means cookies, HTTP authentication, and client-side SSL certificates

    See https://www.w3/TR/cors/#cross-origin-request-with-preflight-0

    If the server is in your control then you simply put the OPTIONS request handler in front of your auth check.

    If the server is NOT in your control, which seems to be the case here, then you moan at the server administrator explaining they've done it wrong and hope they change it.

    与本文相关的文章

    发布评论

    评论列表(0)

    1. 暂无评论