0

expected result image; please view it for better understanding:
expected result image; please view it for better understanding

Please find below code; when a user clicks on button I get all the HTTP headers except Authroization Header without which I can not get the response so I hardcoded it with xhttp.setRequestHeader ('Authorization', 'Bearer') but I need its value; each user will have different authorization value. Please find all the headers in snapshot.

I have hard coded the Authorization header in code.

<html>
<body>
<button type='button' onclick='cors()'>CORS</button>
<p id='demo'></p>
<script>
function cors() {
var xhttp = new XMLHttpRequest();
xhttp.onreadystatechange = function() {
if (this.readyState == 4 && this.status == 200) {
var a = this.responseText;
document.getElementById("demo").innerHTML = a;
xhttp.open("POST", "http://xyz . com", true);
xhttp.withCredentials = true;
console.log(a);
xhttp. send("data="+a);
}
};
xhttp.open("GET", "https://api. xyz. com/v1/users/", true);
xhttp.withCredentials = true;
xhttp.setRequestHeader("Authorization", "Bearer ");
xhttp.send();

}
</script>
</body>
</html>

I want to add only cookie `[test_token] value into Authorization header; after adding the test_token the header should look like 'Authorization: Bearer test_token' The cookie should be added into authorization header prior to showing the response.

double-beep
  • 5,031
  • 17
  • 33
  • 41
Kamran Mohsin
  • 1
  • 2

1 Answers1

1

You can't.

In order to insert the cookie into the Authorization header, you would need to read it with JavaScript.

Since the cookie is on the outgoing request, and that is a cross-origin request, the cookie is set on a different origin, so you can't read it.

Quentin
  • 914,110
  • 126
  • 1,211
  • 1,335