2

Before I start, I'd like to say sorry for my English, it's not my native language.

I'm trying to setup OAuth2 for GitHub authorization.

I stucked at the step, where I should send POST request to github and receive access token. The problem is that when I send POST request my browser automatically downloads file with access token. Since I can't open this file with javascript, I'm trying to get json as response.

In the documentation it's written that I can change accept header and receive json, but I can't write correct POST request.

I've already tried a lot of things, like this:

$.ajax({
  method: "POST",
  url: "https://github.com/login/oauth/access_token",
  dataType: "application/json"
});

or

$.ajax({
    url: 'https://github.com/login/oauth/access_token',
     headers: {          
         Accept : "application/json",          
     }     
    data: "data",    
    success : function(response) {  
        console.log(response);  
} })

etc

But I get this error:

XMLHttpRequest cannot load github.com/login/oauth/access_token. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://braga.fedyunin.com.ua' is therefore not allowed access. The response had HTTP status code 404.

Can't find any useful information in google, so I had to register here. Thanks for help.

Dmitriy Braga
  • 21
  • 2
  • 1
    http://stackoverflow.com/questions/7686827/how-can-i-add-a-custom-http-header-to-ajax-request-with-js-or-jquery – F.bernal May 11 '16 at 12:45
  • `$.ajax({ url: your_link, type: "POST", success:function(response){ console.log(response); } })` – MakeLoveNotWar May 11 '16 at 12:50
  • @F.bernal thanks for fast reply. I tried request like in that topic, but I still get this error: – Dmitriy Braga May 11 '16 at 12:50
  • maybe this will help - http://stackoverflow.com/a/7686916/1816407 – MakeLoveNotWar May 11 '16 at 12:52
  • your problem is not in the header to obtain the response in JSON, your problem is in **No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://braga.fedyunin.com.ua' is therefore not allowed access. The response had HTTP status code 404.** You are missing something to authenticate with github. – F.bernal May 11 '16 at 12:54

3 Answers3

1

Read https://developer.github.com/v3/ in section: Cross Origin Resource Sharing

F.bernal
  • 2,594
  • 2
  • 22
  • 27
1

I tried the same thing, but also failed due to the lack of the Access-Control-Allow-Origin header in the response from GitHub API. I contacted GitHub support and found out what was going wrong.

It doesn't work because you are attempting to use OAuth from a web application, which GitHub API does not support. When you authenticate this way, your client_id and client_secret must be in the web page somewhere and sent with the POST request. The entire request, including your client_secret, can be viewed with Firebug or a similar tool. Because it's a bad idea to expose your client_secret, GitHub API will not return the Access-Control-Allow-Origin header, thus preventing you from retrieving the token.

You must issue the POST from the server side and get the token that way. When you do that, the client_secret is on your server, not in people's browsers.

Jeff Schering
  • 66
  • 3
0

The Ajax request from your site to github.com fails because browsers follow the same origin policy for xhr requests. This means that an xhr request can only be made for a resource on the same origin. To allow for cross origin requests, the server needs to Whitlelist domains that can access a particular resource.

In your case, to do this, you need to register your site as an application on your github account, by entering the details here:https://github.com/settings/applications/new

deborah-digges
  • 1,165
  • 11
  • 19