
Exactly what the title suggests:

I perform an AJAX request to my server; it responds with a 403, but there are headers I want to retrieve and save in localStorage. This is for a PhoneGap app (Android and iOS), so the initiating domain is local (file://). When performing the call, I use the following code to try to intercept the response, but it returns undefined or an empty string.

Ajax:

    var session;
    $.ajax({
        url: serverLink + action,
        type: "POST",
        data: "access_token=" + accessToken + "&uid=" + uid,
        crossDomain: true,
        // complete runs for any status, including the 403
        complete: function(resp) {
            var header = resp.getAllResponseHeaders();
            // group 2 is the cookie value up to the first ';'
            var match = header.match(/(Set-Cookie|set-cookie): (.+?);/);
            if (match) session = match[2];
            console.log(header, session);
        }
    });

Response headers:

    Connection      Keep-Alive
    Content-Encoding    gzip
    Content-Length  1198
    Content-Type    text/html
    Date    Fri, 13 Apr 2012 22:51:02 GMT
    Keep-Alive      timeout=15, max=100
    Server  Apache/2.2.14 (Ubuntu)
    Set-Cookie      sessionid=ebd26167e32bada2d2ed0bd3cc16d8a2; expires=Fri, 27-Apr-2012 22:51:02 GMT; Max-Age=1209600; Path=/
    Vary    Cookie,Accept-Encoding

Further reading led me here, which talks about CSRF on a Django server. We are using a Django server, and I suspect either this or the 403 is the problem. There doesn't seem to be a way (from the example answer there) to collect the cookie from the webview and send it back to the server on subsequent requests.

Scorpius
2 Answers


Use the jQuery XHR object, which has a method getAllResponseHeaders() that should provide what you are after.

http://api.jquery.com/jQuery.ajax/

GillesC
  • Right, but since it's a 403 Forbidden access, it's not firing because it doesn't succeed. That's why I use 'complete', where the first object is the jqXHR object. – Scorpius Apr 13 '12 at 23:13
  • You can also get it by doing var jqXHR = $.ajax(); ajax returns it and the same is available. – GillesC Apr 13 '12 at 23:14
  • I tried your recommendation [link](http://pastebin.com/pCWcHwK8), but the var jqXHR = $.ajax() returns null, while the jqXHR from the error callback is an empty string. – Scorpius Apr 13 '12 at 23:23
  • try using error(jqXHR, textStatus, errorThrown), same usage as success but is triggered on errors, like a 403 – GillesC Apr 13 '12 at 23:27
  • Yeah, you can see from the pastebin [link](http://pastebin.com/pCWcHwK8), I've tried all callbacks that expose the xhr object, complete, success, error, $.ajax as a var, and statusCodes. – Scorpius Apr 13 '12 at 23:37
  • Ah, yes, you are using crossDomain; the docs state it doesn't trigger then. Should have spotted that faster. – GillesC Apr 13 '12 at 23:41
  • It even occurs without the crossDomain option enabled, but since the request is originating from file:// protocol on android/iOS, is it still considered cross-domain? Is there a way to get the xhr object (or headers) in this case? – Scorpius Apr 13 '12 at 23:52
  • I imagine that if this is the csrf issue then I need to first get the token from the server somehow and then send it with the headers on subsequent requests. – Scorpius Apr 13 '12 at 23:56

This problem was most definitely caused by CSRF protection on the django server. Disabling or implementing workarounds as per django is the only way around this.

Actually this post helped tremendously: Django CSRF check failing with an Ajax POST request
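As an added example (not code from the question or from either answer), the following Node-runnable helpers cover both threads of the discussion: parsing the raw string that XMLHttpRequest.getAllResponseHeaders() returns, and the Django-documented pattern of reading the csrftoken cookie and sending it back as an X-CSRFToken request header so a POST passes CsrfViewMiddleware. Two caveats worth knowing when debugging an empty result like the one in the question: browsers never include Set-Cookie in the getAllResponseHeaders() string, and for a cross-origin response only the simple headers are readable unless the server lists others in Access-Control-Expose-Headers. The URL, cookie string and sample headers below are constructed for the example; the only header the helper sets is X-CSRFToken, which is the name Django actually reads.

```javascript
// Added example, not from the original question or answers.
// Runs under Node without jQuery; buildAjaxSettings() returns a plain
// settings object shaped for $.ajax so the callbacks can be exercised
// against a fake xhr.

// getAllResponseHeaders() yields "Name: value\r\nName: value\r\n".
// Set-Cookie is never present in a browser, so a session cookie cannot
// be recovered this way; the parser is for the headers script can see.
function parseResponseHeaders(raw) {
  var headers = {};
  if (!raw) return headers;
  raw.split(/\r?\n/).forEach(function (line) {
    var idx = line.indexOf(':');
    if (idx <= 0) return; // blank or malformed line
    var name = line.slice(0, idx).trim().toLowerCase();
    var value = line.slice(idx + 1).trim();
    // repeated names are joined with ", " as the XHR spec does
    headers[name] = name in headers ? headers[name] + ', ' + value : value;
  });
  return headers;
}

// Read one cookie out of a document.cookie-style string
// ("sessionid=x; csrftoken=abc"); same approach as the Django CSRF docs.
function getCookie(cookieString, name) {
  if (!cookieString) return null;
  var parts = cookieString.split(';');
  for (var i = 0; i < parts.length; i++) {
    var cookie = parts[i].trim();
    if (cookie.slice(0, name.length + 1) === name + '=') {
      return decodeURIComponent(cookie.slice(name.length + 1));
    }
  }
  return null;
}

// Django does not CSRF-check these methods, so no header is needed.
function csrfSafeMethod(method) {
  return /^(GET|HEAD|OPTIONS|TRACE)$/i.test(method);
}

// Build $.ajax settings. beforeSend copies the csrftoken cookie into the
// X-CSRFToken header that CsrfViewMiddleware accepts for AJAX POSTs.
// cookieString is passed in (document.cookie in a browser) so the logic
// can be tested outside the DOM.
function buildAjaxSettings(url, method, data, cookieString) {
  return {
    url: url,
    type: method,
    data: data,
    beforeSend: function (xhr) {
      var token = getCookie(cookieString, 'csrftoken');
      if (!csrfSafeMethod(method) && token) {
        xhr.setRequestHeader('X-CSRFToken', token);
      }
    },
    // complete fires for any status, including 403, unlike success
    complete: function (xhr) {
      return parseResponseHeaders(xhr.getAllResponseHeaders());
    }
  };
}

// Constructed sample resembling the question's 403 response, minus
// Set-Cookie, which the browser would have stripped anyway.
var SAMPLE_RAW_HEADERS =
  'Content-Type: text/html\r\n' +
  'Vary: Cookie,Accept-Encoding\r\n' +
  'X-Example: first\r\n' +
  'X-Example: second\r\n';

// Stand-alone demo with a fake xhr and a constructed cookie string.
var demoSettings = buildAjaxSettings('https://example.test/api/login', 'POST',
  'access_token=abc', 'sessionid=x; csrftoken=tok123');
var sentHeaders = {};
demoSettings.beforeSend({ setRequestHeader: function (k, v) { sentHeaders[k] = v; } });
console.log(parseResponseHeaders(SAMPLE_RAW_HEADERS));
console.log(sentHeaders); // { 'X-CSRFToken': 'tok123' }
```

In a real page the call is `$.ajax(buildAjaxSettings(url, 'POST', data, document.cookie))`; this only works when the csrftoken cookie is readable by script on that origin, which is not the case for a file:// webview talking to a remote server, and that is exactly why the accepted answer ends up at Django's own CSRF workarounds.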

Scorpius