0

I am trying to send a api call from my javascript with contentType: "application/x-www-form-urlencoded", But the call also requires we to include the session-token to be included in the header and when I do both of them together it gives me error. How to send both of header and content type together?

Request:

function g_ajaxerV2Receive(url_str, ok_cb, fail_cb){
    $.ajax({
        url: url_str,
        type: "POST",
        crossDomain: true,
        data: "",
        success: ok_cb,
        error: fail_cb,
        timeout: 60000,
        dataType: "json",
        contentType: "application/x-www-form-urlencoded",
        headers: {
            "Session-Token:" + String(SessionToken), //Token is in variable
        }
    });
}

The error that I get when both contentType and Header exist:

Access to XMLHttpRequest at 'https://API-URL' from origin 'http://127.0.0.1:5505' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

And the requirement for the call is that we need both The session token and the application/x-www-form-urlencoded.

The allowed CURL requestExample:

curl 'https://URL-HERE'
  -H 'Session-Token: session_token_here'
lucifer
  • 1
  • 2
  • The server has to give you permission (via CORS) before you can send custom headers. – Quentin Feb 25 '22 at 16:18
  • Hey how can he configure that? I am contacting a third party service and I have no control over it. I am able to connect to them with my request but the only thing i cannot do is send both session token and "application/x-www-form-urlencoded" together in one request and due to which I have getting 403 error. – lucifer Feb 25 '22 at 16:25
  • I have no idea how the third party's server side environment is set up. (And the problem is purely down to setting the custom header, there's no CORS restriction on *sending* a `application/x-www-form-urlencoded` header.) – Quentin Feb 25 '22 at 16:27
  • Understood. I am able to get all data when I test API on postman or on Reqbin so i thought that i might be doing something wrong. Because I make an initial call to receive the Session-Token and that works, but on the next request where i need to send the received session token as a header i am getting that error. – lucifer Feb 25 '22 at 16:30
  • The duplicate question explains why only browsers care about CORS. – Quentin Feb 25 '22 at 16:30

0 Answers0