javascript - Making a cross domain request with authentication header -


first of all, server (not mine) returns following headers:

access-control-allow-origin: * access-control-allow-credentials: true

i'm trying find out how pass request site authentication token. i'm running code on local apache server.

this code:

function get_data(){     var url = '$url';     var x = new xmlhttprequest();     x.open("get", url, true)      if (x.readystate == 4 && x.status == 200) {         var responsetext = x.responsetext;         console.log(responsetext)         };     x.setrequestheader("authentication", "bearer $token");     x.withcredentials = true     x.send() }

the console returns:

xmlhttprequest cannot load $url. response preflight request doesn't pass access control check: no 'access-control-allow-origin' header present on requested resource. origin 'http://localhost' therefore not allowed access. response had http status code 403.

while reading on documentation saw not allowed manually set headers. when removed x.setrequestheader("authentication", "bearer $token");i did answer server (an authentication error, obviously.) how go adding information anyway request?

the headers returned server:

request url:$serverurl request method:options status code:403 forbidden remote address:$ipaddress response headers view source cache-control:no-cache connection:close content-type:text/html request headers view source accept:"*/*" accept-encoding:gzip, deflate, sdch accept-language:nl-nl,nl;q=0.8,en-us;q=0.6,en;q=0.4 access-control-request-headers:authentication access-control-request-method:get connection:keep-alive host:$host origin:http://localhost referer:http://localhost/mv.html user-agent:mozilla/5.0 (windows nt 6.1; wow64) applewebkit/537.36 (khtml, gecko) chrome/47.0.2526.111 safari/537.36

before actual request, browser sends option request, check "options" has requesting (allowed methods, origins etc.).

check network tab options request (preflight) browser sends. request must have appropriate response headers e.g. 

access-control-allow-origin: * access-control-allow-credentials: true access-control-allow-methods: post, get, options

see here: https://developer.mozilla.org/en-us/docs/web/http/access_control_cors#access-control-allow-methods

since server sends 403 status header options request, means server doesnt handle options request right, or sets 403 host measure of security. unless changed, there no way can access api via xhr.


Comments

Post a Comment

Popular posts from this blog

php - Wordpress website dashboard page or post editor content is not showing but front end data is showing properly -

Image
recently have uploaded wordpress site onto server. have uploaded wordpress site in sub-folder under root folder ../root(domain root folder)/wordpress (where host wordpress folder). now problem content data in page or post in dashboard of wordpress admin panel not showing - see image. but data showing in front view - see image. if not browser cache issue , not issue happened tinymce editor during upgrade; try add config file: define('concatenate_scripts', false);
Read more

How to get the ip address of VM and use it to configure SSH connection dynamically in Ansible -

i trying ip address of vm , trying use establish ssh vm. following script: --- - hosts: localhost become: yes connection: local gather_facts: false serial: 1 vars_files: - createvmvars.yml tasks: - name: gathering vm info. vsphere_guest: vcenter_hostname: "{{vcenter_hostname}}" username: "{{vcenter_username}}" password: "{{vcenter_password}}" guest: "{{guest_name}}" vmware_guest_facts: yes register: var - debug: msg="{{var.ansible_facts.hw_eth0.ipaddresses[0]}}" - name: establishing ssh connection. script: /home/shasha/devops/scripts/ssh_configure.sh "{{var.ansible_facts.hw_eth0.ipaddresses[0]}}" following content of ssh_configure.sh : #!/bin/sh ssh-keygen -t rsa ssh-copy-id $1 but when running playbook, getting following error while executing third task: error! 'var' undefined but debug module(second task) printin
Read more

javascript - Get parameter of GET request -

i make request: createxhrrequest( "get", fileurl, function( err, response ) { if( err ) { alert( "error get!" ); } alert(response); }); and full response: { "status" : "ok", "message" : "jvberi0xljqkjdduxdgkmy how can jvberi0xlj ? i try response.message , response["message"]. nothing works. just simple access this: var json = json.parse(response); json.message
Read more