0

I have a number of webservices that all work. Typically, when i inspect a call in fiddler I will see something like the following;

POST /api/dosomeaction.php HTTP/1.1
Accept: application/json
Authorization: Basic BlahBlahBlah
Content-Type: application/json; charset=utf-8
Host: myhost.co.uk
Content-Length: 140
Expect: 100-continue
Connection: Keep-Alive

but when I try the same via html / ajax I get a different format of header captured. This is despite using the same authentication un/pwd.

Javascript is;

 var hash = encodeBase64("username:password");
 var request = new XMLHttpRequest();
 var params = "ExtraData" + ":" + "foo";
 request.open("POST", "http://www.myhost.co.uk/dosomeaction.php", false);
 request.setRequestHeader("Content-type", "application/json");
 request.setRequestHeader("Authorization", "Basic " + hash);        
 request.send(params);

And I get back

OPTIONS /dosomeaction.php HTTP/1.1
Accept: */*
Origin: http://localhost:2024
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: www.myhost.co.uk
Content-Length: 0
DNT: 1
Connection: Keep-Alive
Pragma: no-cache

When I inspect the call in Fiddler, the Auth tab says that no authorization data is present, and json / text is also empty. However the call is being made as the webserver is returning a 302 and directing me to a login page.

So my initial question is Why are authorization header and additional data not being sent?

Cœur
  • 37,241
  • 25
  • 195
  • 267
Matt
  • 1,596
  • 2
  • 18
  • 32
  • This is OPTIONS request. The real POST request will follow. – Vladimir M Sep 19 '16 at 11:17
  • The real post request is not being sent then. All I am getting back from the server is a 302 trying to take me to the login page. But when the call is made from code on the server not html it works, and doesnt seem to send the Options header – Matt Sep 19 '16 at 11:19
  • OPTIONS are sent by the browser as part of cross-domain communication. On [302 error handling for ajax](http://stackoverflow.com/questions/1473486/jquery-ajax-is-throwing-an-error-code-302-what-is-this) – Vladimir M Sep 19 '16 at 11:22
  • ok. I do not have access to the web services on the other server, but from reading another post, I assume that the problem here is that the other server is requiring authentication to respond to OPTIONS, but as standard browsers do not send Authentication with OPTIONS requests. Guess I need to talk to the service provider. Thanks – Matt Sep 19 '16 at 11:34

0 Answers0