ajax jquery cross domain call does not send authorization header

HelloWorld · Oct 24, 2013 · Viewed 12.6k times

Before doing a cross-domain call to a server running ServiceStack, I authenticate successfully and get my token.

Now I want to do another call to retrieve data:

$.ajax({
    beforeSend: function(xhr) {                  
        xhr.setRequestHeader('Authorization', 'Basic ' + getToken());   
    },
    type: "GET",
    url: requestUrl,
    xhrFields: {
        withCredentials: true
    },  
    async: true,
    dataType: 'json',
    crossDomain: true
})

When I look in my Google Chrome dev tools console, I see this:

OPTIONS http://MyPc.company:82//customers 404 (Not Found) 
OPTIONS http://MyPc.company:82//customers Invalid HTTP status code 404 

XMLHttpRequest cannot load http://MyPc.company:82//customers. 
Invalid HTTP status code 404 (index):1

When I look into Fiddler, I see this request:

Inspectors => Auth: No Authorization Header is present.

Inspectors => Raw:

OPTIONS http://MyPc.company:82//customers HTTP/1.1
Host: MyPc.company:82
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Access-Control-Request-Method: GET
Origin: http://MyPc.company
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.101 Safari/537.36
Access-Control-Request-Headers: access-control-allow-origin, accept, access-control-allow-headers, authorization, access-control-allow-methods, content-type
Accept: */*
Referer: http://MyPc.company/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4

Why is the authorization header not sent? That seems at first sight the origin problem to me.

Answer

stefan2410 · Oct 24, 2013

In JavaScript

    jQuery.support.cors = true;

    // Build the Authorization header value for HTTP Basic authentication.
    function make_base_auth(user, password) {
        var tok = user + ':' + password;
        var hash = btoa(tok);
        return "Basic " + hash;
    }

    function DoTest() {
        var TestRequest = new Object();
        TestRequest.name = "Harry Potter";
        TestRequest.Id = 33;
        var username = "admin";
        var password = "test";
        $.ajax({
            type: 'Post',
            contentType: 'application/json',
            cache: false,
            async: false,
            // serverIP is the base URL of the service, defined elsewhere.
            url: serverIP + '/TestAPI/' + TestRequest.Id,
            data: JSON.stringify(TestRequest),
            dataType: "json",
            // Attach the Basic credentials to the actual request.
            beforeSend: function (xhr) {
                xhr.setRequestHeader("Authorization", make_base_auth(username, password));
            },
            success: function (response, status, xhr) {
                var s = response.message;
            },
            error: function (xhr, err) {
                alert(xhr.statusText);
            }
        });
    }

Service configuration should be enabled for CORS like

    Plugins.Add(new CorsFeature(allowedHeaders: "Content-Type, Authorization"));

Maybe my previous answer can help you.

Or, even better, the following blog post from Community Resources:

CORS BasicAuth on ServiceStack with custom authentication
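
As an added example (not part of the question or the answer), this sketch applies the browser's preflight checks to the OPTIONS request captured in the question, showing why the real GET with its Authorization header is never sent. The function name `preflightFailures`, the response objects and the wildcard origin are assumptions made for illustration.

```javascript
// Request headers the CORS spec safelists; they need no Access-Control-Allow-Headers entry.
const SAFELISTED = new Set(['accept', 'accept-language', 'content-language']);
const splitList = (v) => (v || '').split(',').map((s) => s.trim().toLowerCase()).filter(Boolean);

// Returns the reasons a browser would refuse to send the real request
// after this preflight response. An empty array means the preflight passes.
function preflightFailures(preflight, response, withCredentials) {
  const h = {};
  for (const [k, v] of Object.entries(response.headers)) h[k.toLowerCase()] = v;
  const reasons = [];
  // The preflight never carries Authorization or cookies, so the server has
  // to answer OPTIONS with a 2xx status without authenticating it.
  if (response.status < 200 || response.status > 299) {
    reasons.push('status ' + response.status + ' is not 2xx');
  }
  const allowOrigin = h['access-control-allow-origin'];
  if (withCredentials) {
    // Credentialed requests need the exact origin ("*" is rejected) and
    // Access-Control-Allow-Credentials: true.
    if (allowOrigin !== preflight.origin) reasons.push('Allow-Origin must be ' + preflight.origin);
    if (h['access-control-allow-credentials'] !== 'true') reasons.push('Allow-Credentials must be true');
  } else if (allowOrigin !== '*' && allowOrigin !== preflight.origin) {
    reasons.push('Allow-Origin does not match ' + preflight.origin);
  }
  const allowed = splitList(h['access-control-allow-headers']);
  for (const name of splitList(preflight.requestHeaders)) {
    // "*" is a wildcard only without credentials, and never covers Authorization.
    const wildcard = allowed.includes('*') && !withCredentials && name !== 'authorization';
    if (!SAFELISTED.has(name) && !allowed.includes(name) && !wildcard) {
      reasons.push('header not allowed: ' + name);
    }
  }
  return reasons;
}

// Values copied from the Fiddler capture in the question.
const capturedPreflight = {
  origin: 'http://MyPc.company',
  requestHeaders: 'access-control-allow-origin, accept, access-control-allow-headers, ' +
    'authorization, access-control-allow-methods, content-type',
};
// Constructed responses: the 404 from the question, and the answer's
// allowedHeaders value combined with a wildcard origin (assumed).
const notFound = { status: 404, headers: {} };
const wildcardCors = { status: 200, headers: {
  'Access-Control-Allow-Origin': '*',
  'Access-Control-Allow-Headers': 'Content-Type, Authorization' } };
console.log(preflightFailures(capturedPreflight, notFound, true));
console.log(preflightFailures(capturedPreflight, wildcardCors, true));
```

The second result still reports the three `access-control-allow-*` names: these are response headers that the capture shows being requested by the client, so the fix for them is to stop setting them on the request. With `withCredentials: true` it also reports the wildcard origin, which has to be replaced by the exact origin together with `Access-Control-Allow-Credentials: true`.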