I know this is most searched issue in google, still it didn't worked for me. I am trying to call cross domain request from jquery ajax to services running in wildfly with spring authentication.
Service invocation has happened successfully for anonymous authentication, but when i added authorization it is giving below error.
Failed to load , Response for preflight is invalid (redirect) {"readyState":0,"status":0,"statusText":"error"}
below is my $.ajax code.
$.ajax({
type: 'GET',
url: actionURL,
crossDomain: true,
xhrFields: {
withCredentials: true
},
headers: {
'Authorization': 'Basic ' + btoa('username:pwd')
},
//dataType: 'jsonp',
success: function(data) {
console.log('Status: ok'+JSON.stringify(data));
},
error: function (data) { console.log("errosdsrddd!!" + JSON.stringify(data)); }
});
and I have enabled cors in wildfly server with following config
<subsystem xmlns="urn:jboss:domain:undertow:3.1">
<buffer-cache name="default"/>
<server name="default-server">
<https-listener name="default-https" tcp-keep-alive="true" read-timeout="600000" socket-binding="https" security-realm="ApplicationRealm" verify-client="REQUESTED"/>
<host name="default-host" alias="localhost">
<location name="/" handler="welcome-content"/>
<filter-ref name="server-header"/>
<filter-ref name="x-powered-by-header"/>
<filter-ref name="Access-Control-Allow-Origin"/>
<filter-ref name="Access-Control-Allow-Methods"/>
<filter-ref name="Access-Control-Allow-Headers"/>
<filter-ref name="Access-Control-Allow-Credentials"/>
<filter-ref name="Access-Control-Max-Age"/>
<single-sign-on/>
</host>
</server>
<servlet-container name="default">
<jsp-config/>
<session-cookie http-only="true" secure="true"/>
</servlet-container>
<handlers>
<file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
</handlers>
<filters>
<response-header name="server-header" header-name="Server" header-value="WildFly/10"/>
<response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
<response-header name="Access-Control-Allow-Origin" header-name="Access-Control-Allow-Origin" header-value="*"/>
<response-header name="Access-Control-Allow-Methods" header-name="Access-Control-Allow-Methods" header-value="GET, POST, OPTIONS, PUT"/>
<response-header name="Access-Control-Allow-Headers" header-name="Access-Control-Allow-Headers" header-value="accept, authorization, content-type, x-requested-with"/>
<response-header name="Access-Control-Allow-Credentials" header-name="Access-Control-Allow-Credentials" header-value="true"/>
<response-header name="Access-Control-Max-Age" header-name="Access-Control-Max-Age" header-value="1"/>
</filters>
</subsystem>
tried all the ways in front end and back end still no luck.
It would be appreciable for any suggestions and solutions.
please refer below for header info.
General
Request URL:<url>
Request Method:OPTIONS
Status Code:401 Unauthorized
Remote Address:192.168.175.73:8445
Referrer Policy:no-referrer-when-downgrade
Response Headers
view source
Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:accept, authorization, content-type, x-
requested-with
Access-Control-Allow-Methods:GET, POST, OPTIONS, PUT
Access-Control-Allow-Origin:*
Access-Control-Max-Age:1
Connection:keep-alive
Content-Length:114
Content-Type:text/html;charset=UTF-8
Date:Tue, 09 Jan 2018 06:29:25 GMT
Server:WildFly/10
Set-Cookie:JSESSIONID=x1noix9B_CC_bg3b-
OhykAXTs7wwWpk3CEcygeKB.syncgdc1769; path=/syntbotsservices;
secure; HttpOnly
WWW-Authenticate:Basic realm="Spring Security Application"
X-Powered-By:Undertow/1
Request Headers
view source
Accept:*/*
Accept-Encoding:gzip, deflate, br
Accept-Language:en-US,en;q=0.9
Access-Control-Request-Headers:authorization,cache-control,postman-token
Access-Control-Request-Method:GET
Connection:keep-alive
Host:192.168.175.73:8445
Origin:http://localhost:8081
User-Agent:Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/63.0.3239.132 Safari/537.36
