Converting cURL to JQuery.ajax request

Question

Hi I'm working on connecting to an API that is using Layer 7 as an IP authorizer and eGalaxy as a credentials authorizer, when the curl request is sent a line of xml is sent back to me. I'm currently working on localhost, I've implemented the Access-Control-Allow-Origin chrome extension .

My curl request looks as such:

curl https://client-url/eGalaxy.aspx -H 'Content-Type:text/html' --data '<?xml version:"1.0" encoding="UTF-8"?><Envelope><Header><SourceID>0</SourceID><MessageID>131</MessageID><MessageType>Authenticate</MessageType></Header><Body><Authenticate><Username>*username*</Username><Password>*password*</Password><PasswordEncrypted>NO</PasswordEncrypted></Authenticate></Body></Envelope>' --insecure

When I tried to create an ajax request I receive an "Invalid HTTP status code 500" error and "OPTIONS url" which drops down to show:

n.ajaxTransport.k.cors.a.crossDomain.send   @   jquery-2.1.3.js:4
n.extend.ajax   @   jquery-2.1.3.js:4
(anonymous function)    @   VM947:2
InjectedScript._evaluateOn  @   VM899:895
InjectedScript._evaluateAndWrap @   VM899:828
InjectedScript.evaluate @   VM899:694

My ajax code is as follows:

$.ajax({
  url:'https://client-url/eGalaxy.aspx', 
  data:'<?xml version:"1.0" encoding="UTF-8"?><Envelope><Header>
        <SourceID>0</SourceID><MessageID>131</MessageID>
        <MessageType>Authenticate</MessageType></Header><Body>
        <Authenticate><Username>*username*</Username>
        <Password>*password*</Password>
        <PasswordEncrypted>NO</PasswordEncrypted></Authenticate></Body>
        </Envelope>', 
   type:'POST', 
   contentType:'text/xml', 
   dataType:'xml',
   success: function(data){
   },
   error: function(){
   }
 });

Any help with translating into a proper AJAX request would be appreciated!

EDIT: If this makes a difference these are the headers that are returned with the client's xml when the curl is complete(client information deleted)

This application will be made into a widget as well, so it will not be running off of a hosting site.

UPDATE 1: I'm using @KevinB's suggestion that the CORS headers were still not properly added.

Here is my updated JS code, copied from this link :

var url = 'https://client-url/eGalaxy.aspx';
var data = '<?xml version="1.0" encoding="UTF-8"?><Envelope><Header><SourceID>1</SourceID><MessageID>131</MessageID><MessageType>Authenticate</MessageType></Header><Body><Authenticate><Username>*username*</Username><Password>*password</Password><PasswordEncrypted>NO</PasswordEncrypted></Authenticate></Body></Envelope>';
var xhr = createCORSRequest('POST', url);
xhr.send(data);
function createCORSRequest(method, url) {
var xhr = new XMLHttpRequest();
if ("withCredentials" in xhr) {
// Check if the XMLHttpRequest object has a "withCredentials" property.
// "withCredentials" only exists on XMLHTTPRequest2 objects.
xhr.open(method, url, true);
} else if (typeof XDomainRequest != "undefined") {
// Otherwise, check if XDomainRequest.
// XDomainRequest only exists in IE, and is IE's way of making CORS requests.
xhr = new XDomainRequest();
xhr.open(method, url);
} else {
// Otherwise, CORS is not supported by the browser.
xhr = null;
}
return xhr;
}
var xhr = createCORSRequest('GET', url);
if (!xhr) {
throw new Error('CORS not supported');
}

When run with the CORS Chrome extension off I receive an Access-Control-Allow-Origin =! 'null' error. Knowing that CORS needs Access-Control-Allow-Origin header to =! 'null' will this cause problems in the future with making this into a widget that will be put into a Content Manager system?

With it on the origin is set to 'www.evil.com', with the only error in the code being that it says the xhr.send() is an anonymous method. Using breakpoints I can see the xhr in xhr.send() is set to an empty request:

> XMLHttpRequest {response: "", responseText: ""}

Inside the createCORSRequest this line is undefined. I've tested using 'GET' and 'POST' as the method.

xhr.open(method, url, true)

EDIT 2: Using @Fabiano's approach I've changed the web.config for two versions of what I suspect is my server(?). I'm attaching screenshots of what I've gone through No luck, so far. Decided to use xhr.AppendHeader: I decided to use xhr.setRequestHeader("Access-Control-Allow-Origin", "*"); The Network tab Headers for eGalaxy.aspx

Answer 1

There is an error in your XML. You put version:"1.0" , and this makes the XML invalid. Change to version="1.0" and try to make your request. It should work. This may be the cause for the "Bad request" error.

You can validate your XML here: enter link description here

EDIT: After some research, the problem may be with the headers sent by your server. Your server (or page, .aspx in this case) seems to skip the header you need, the "Access-Control-Allow-Origin: *".

Look at this link: http://enable-cors.org/server.html This site shows you how to implement it for your server. Since the page you are requesting is called eGalaxy.aspx, then you have 2 ways to implement the headers:

1- Put the line Response.AppendHeader("Access-Control-Allow-Origin", "*"); if the page is a simple ASP.NET application. If it uses Web API 2, you need to implement a different way as it is shown here: http://enable-cors.org/server_aspnet.html

2- Edit the web.config file on the root of your server and add these lines inside the tag:

   <httpProtocol>
     <customHeaders>
       <add name="Access-Control-Allow-Origin" value="*" />
     </customHeaders>
   </httpProtocol>

For a ASP.NET application, these are the ways you have. The link I mentioned has solutions for other applications, take a look and choose the right one. :)

Note that the value * tells you that your server will accept any cross-origin request. This may lead to a security issue, so the best you can do is to put your domain address instead of *.

I hope it helps!