I am trying to make a POST request to a server with a different domain, that requires basic authentication.
I have tried every combination of beforeSend and withCredentials, but the basic auth headers are never sent through in the OPTIONS preflight request.
$.ajax({
url: anotherdomain,
data: data,
cache: false,
contentType: false,
processData: false,
type: 'POST',
dataType:'json',
xhrFields: {
withCredentials: true
},
crossDomain: true,
beforeSend: function(xhr) {
xhr.setRequestHeader('Authorization', 'Basic *');
xhr.withCredentials = true;
}
The only way i can seem to get this request to succeed is by setting dataType to 'jsonp', or setting the request 'type' to a GET.
Is the only solution to this problem to remove the Basic Auth requirement from the anotherdomain server for OPTIONS requests?
Thanks.
You will have to also allow headers on the server: Here is a php example (this is open for request for all origins, I suggest you limit it only to the site generating the ajax):
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');
header('Access-Control-Max-Age: 1000');
header('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With');
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.