1

Following documentation i put together this simple request. Every time i run this request i still get a 401 Authorization Required. I know the access token is fine because i use the same token using get to populate my models and it works fine it's only when i use post and place my token in the request headers.

Anyone else had this issue before? 

     jQuery.ajax( {
        url: 'http://customer-server-2.dev/api/documents/add/.json',
        type: 'POST',
        data : {
             guid : $('.guid-input').val(),
             title : $('.title-input').val(),
             payload : $('.payload-input').val()
        },
        beforeSend : function( xhr ) {
            xhr.setRequestHeader( 'Authorization', 'BEARER ' +      app.AccessToken );
        },
        success: function( response ) {
            console.log(response);
        },
        error : function(error) {
            console.log(error);
        }
    } );

response header
HTTP/1.1 401 Authorization Required
Date: Wed, 08 Apr 2015 12:20:28 GMT
Server: Apache/2.2.26 (Unix) mod_fastcgi/2.4.6 mod_wsgi/3.4 Python/2.7.6
PHP/5.5.10 mod_ssl/2.2.26 OpenSSL/0.9.8za DAV/2 mod_perl/2.0.8 Perl/v5.18.2
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS, PATCH, DELETE
Access-Control-Allow-Headers: X-Accept-Charset,X-Accept,Content-Type, x-xsrf-token, Authorization
X-Powered-By: PHP/5.5.10
WWW-Authenticate: Bearer realm="Service", error="invalid_request", error_description="The access token was not found."
Content-Length: 81
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html

request header
OPTIONS /api/documents/add/.json HTTP/1.1
Host: customer-server-2.dev
Connection: keep-alive
Access-Control-Request-Method: POST
Origin: http://test-client-app.dev
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2354.0 Safari/537.36
Access-Control-Request-Headers: accept, authorization
Accept: /
Referer: http://test-client-app.dev/index.html
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8

John williams
  • 654
  • 1
  • 8
  • 22
  • It looks like you may be running into a cross-domain security issue. You may want to look into [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS), this [article](http://stackoverflow.com/questions/10093053/add-header-in-ajax-request-with-jquery), maybe [this](http://stackoverflow.com/questions/298745/how-do-i-send-a-cross-domain-post-request-via-javascript) and also [this](http://stackoverflow.com/questions/2558977/ajax-cross-domain-call). These articles explain it a lot more than I can fit in this little comment :) – BobbyDazzler Apr 08 '15 at 11:15
  • Yea i have already set by htaccess to accept CORS – John williams Apr 08 '15 at 12:05
  • Header always set Access-Control-Allow-Origin "*" Header always set Access-Control-Allow-Methods "POST, GET, PUT, OPTIONS, PATCH, DELETE" Header always set Access-Control-Allow-Headers "X-Accept-Charset,X-Accept,Content-Type, x-xsrf-token, Authorization" RewriteEngine On RewriteCond %{REQUEST_METHOD} OPTIONS RewriteRule ^(.*)$ $1 [R=200,L,E=HTTP_ORIGIN:%{HTTP:ORIGIN}]] – John williams Apr 08 '15 at 12:06
  • I have put my request/response headers in the question now – John williams Apr 08 '15 at 12:27
  • Please check this if its works for you https://stackoverflow.com/a/62317987/7225569 – akash gaur Jun 11 '20 at 06:15

0 Answers0