I can't seem to get my $.ajax call to work correctly

Question

Possible Duplicate:
cross-origin ‘Authorization’-header with jquery.ajax()

JQuery

I am using http://code.jquery.com/jquery-1.7.2.min.js

If i type ->http://pol638_047fe0/JSON.HTML?FN=GetPages&PIN=7659 in a browser i receive a file with my json content

Javascript

var url = 'http://pol638_047fe0/JSON.HTML';

$.ajax({
url:      url,
type:     'GET',
dataType: 'json',
username: 'ADMIN',
password: '1234',
data: {
    'FN':  'GetPages',
    'PIN': '7659' 
},
xhrFields: {
    withCredentials: true
},
sucess: function(data) {
    alert('done');
    console.log('data', data);
}
});

Chrome Developer Tool

Console output: Origin null error

XMLHttpRequest cannot load http://pol638_047fe0/JSON.HTML?FN=GetPages&PIN=7659. Origin null is not allowed by Access-Control-Allow-Origin.

This doesn't really bother me, because the server shouldn't care who accesses the data with the correct username and password.

Network Header:

Request URL:http://pol638_047fe0/JSON.HTML?FN=GetPages&PIN=7659
Request Headersview source
Accept: '*/*'
Cache-Control: max-age=0
Origin: null
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.11 (KHTML, like Gecko)       Chrome/23.0.1271.64 Safari/537.11
Query String Parametersview URL encoded
FN: GetPages
PIN: 7659

Ok. Something definitly went wrong here..

Now the strange thing is if i add this ajax call to the code:

...
$.ajax({
url : url,
data: {
    'FN'    : 'GetPages',
    'PIN'   : '7659' 
}
});

I receive another JSON.HTML File under Network with the correct response:

Request URL: http://pol638_047fe0/JSON.HTML?FN=GetPages&PIN=7659
Request Method: GET
Status Code: 200 OK
Request Headersview source
Accept: application/json, text/javascript, '*/*'; q=0.01
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding: gzip,deflate,sdch
Accept-Language: de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4
Authorization: Basic QURNSU46U0JUQWRtaW4h
Cache-Control: max-age=0
Connection: keep-alive
Host: pol638_047fe0
Origin: null
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.11 (KHTML, like Gecko)     Chrome/23.0.1271.64 Safari/537.11
Query String Parametersview URL encoded
FN: GetPages
PIN: 7659
Response Headersview source
Connection: close
Content-Type: application/octet-stream
Server: Keil-EWEB/2.1

Response:

[{"pg":0,"descr":"PC1"},{"pg":1,"descr":"PC2"},{"pg":2,"descr":"PC3"},{"pg":3,"descr":"HG1"},{"pg":4,"descr":"HG2"},{"pg":5,"descr":"HG3"},{"pg":6,"descr":"HG4"},{"pg":7,"descr":"DW1"},{"pg":8,"descr":"DW2"},{"pg":9,"descr":"CMN"}]

I have run out of ideas and i am thankful for any help, or suggestions!

Tryouts

Changing the type to jsonp helps me receive a response but doesnt help much because i get a Uncaught SyntaxError: Unexpected token ILLEGAL Error. I asume that is because the response is not jsonp formated. Is there any way i can get the json response?

Changing Access Headers on Server. I don't have the rights to do that.

["the server shouldn't care" ? Really ?](http://en.wikipedia.org/wiki/Same_origin_policy) — Denys Séguret, Nov 21 '12 at 10:39
It is because the first is redirecting to authorisation code and the second is then authorised. You need to set the access headers in ALL parts of your server code — mplungjan, Nov 21 '12 at 10:39
for a cross-domain XMLHttpRequest the datatype should be jsonp — Mithun Satheesh, Nov 21 '12 at 10:41
http://stackoverflow.com/questions/3595515/xmlhttprequest-error-origin-null-is-not-allowed-by-access-control-allow-origin — Mithun Satheesh, Nov 21 '12 at 10:43
@dystroy — Unless it is something that needs to defend against cross site request forgery, yes, really. The Same Origin Policy is the browser caring. — Quentin, Nov 21 '12 at 10:43
@Quentin Any page asking for authentication should defend against cross domain attacks. — Denys Séguret, Nov 21 '12 at 10:45
Wow thats fast @mplungjan If i add access headers i get a new Error Status Code:501 Not Implemented — user1841515, Nov 21 '12 at 10:48
@mithunsatheesh I cant use jsonp because the response is json formated and not jsonp and wouldnt get accepted — user1841515, Nov 21 '12 at 10:54
@dystroy — No, you only need to worry about csrf when the request is idempotent. It doesn't matter if it is authenticated or not. — Quentin, Nov 21 '12 at 10:56
@mithunsatheesh mhh maybe i understand jsonp wrong im going to try it — user1841515, Nov 21 '12 at 11:08
just check the link in above comment.. it explains all the cases.. — Mithun Satheesh, Nov 21 '12 at 13:20

abdhoms · Answer 1 · 2012-11-21T18:09:19.690

0

I recommend you to read this article: http://www.codeproject.com/Articles/42641/JSON-to-JSONP-Bypass-Same-Origin-Policy

XMLHttpRequest (ajax requests) doesn't allow you to make cross-domain calls. This is a restriction set by the browser itself. But it works perfectly well if you have your web service (or your Web API) running on the same domain (same as your website). Look up Same_origin_policy

edited Nov 21 '12 at 18:09

answered Nov 21 '12 at 17:49

abdhoms

173
1
11

I can't seem to get my $.ajax call to work correctly

I have run out of ideas and i am thankful for any help, or suggestions!

1 Answers1