I'm working with an endpoint that seems to be built on Django.
Attempting to setup basic aJax communication to it via POST I wrote:
jQuery.ajax({
type: "POST",
url: "http://API-ENDPOINT-URL",
data: "",
dataType: "json",
crossDomain: false,
beforeSend: function(xhr){
xhr.withCredentials = false;
xhr.setRequestHeader('Authorization', 'Token <TOKEN THAT I WAS PROVIDED>' );
},
success: function(results)
{
reqListener(results)
}
});
With those code a few things happened:
I first got a CORS error since I'm trying to build on my local server. I installed this chrome extension to bypass it. (I have no access to the server to enable CORS)
2.I get this error in the console:
XMLHttpRequest cannot load http://API-ENDPOINT-URL. Response for
preflight has invalid HTTP status code 401
looking at the Chrome console for the network request I see this comes back:
{"detail":"Authentication credentials were not provided."}
What am I missing? Am I incorrectly sending the authentication token?
Doing token auth via Javascript without CORS enabled is a suicide mission.
Do yourself a favor like I did and just do it via server side.
Related
I need to make a request from my localhosted nodejs/express js client to a 3rd party API that I hosted on the cloud. However each time I am trying I get a cors error. Curiously It works when I do the same request from postman but not from localhost with my nodejs app.
$.ajax({
type: "POST",
url: url,
data: file,
processData: false,
contentType: false,
})
Any suggestion ?
Use a proxy to avoid CORS errors.get reference of this https://github.com/Rob--W/cors-anywhere/issues/301 it might help you out
I'm trying to make an AJAX POST Request from my iOS (Cordova) App. The API URL has a secure certificate on www.myDomain.ch but not without www.
When I test the Request with a tool everything works. I also tried it in a React test application, and it worked.
Only from my iOS App the Request causes in a 403 error. I've tried it with jQuery Ajax, fetch and axios. The Backend also has CORS enabled.
My AJAX call looks like:
$.ajax({
url: 'myurl',
data: JSON.stringify(dataObject),
method: 'POST',
dataType: 'json',
success: function(data) {
console.log('success', data);
},
error: function(err) {
console.log('error', err);
}
});
Requires iOS a special https certificate or is there something I have to add in the Request Header?
You probably need to declare the domain in your plist file for your app to meet iOS App Transport Security requirements. See this link:
App Transport Security
I am using jQuery ajax to send request to some API. Due to the CORS policy I got a CORS error on the browser's console
Here's by code
$.ajax({
url: sendHere,//api url
type: 'GET',
contentType: 'text/plain',
crossDomain: true,
beforeSend: function(xhr){
xhr.withCredentials = true;
},
}).done(function (result) {
console.log(result);
}).error(function (err) {
//console.log(err);
});
Error
'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://www.mywebsite.com' is therefore not allowed access.
I tried to solve this problem by installing a chrome extension to enable allow cross origin request. This extension somehow solved my problem and got a response from the api. But installing an extension is not good.
I also tried to make the request with JSONP(dataType:'jsonp') but the response given by the api is not in json format, it is string so it gives an error.
Code with JSONP
$.ajax({
url: sendHere,//api url
type: 'GET',
crossDomain: true,
dataType:'jsonp',
}).done(function (result) {
console.log(result);
}).error(function (err) {
//console.log(err);
});
Uncaught ReferenceError: E0002 is not defined
where "E0002" is the response string from the api
!!!PLEASE HELP!!!
There are 2 situations -
If you have control over the api code then
make changes in header and add your origin as well.
If you don't have control to change CORS header that is coming from
the api
you have only one option create a backend code(your own api) in any language you prefer that make an http request and get the data. now use your own api to get data on your frontend.
The cors error is cross origin request policy maintained by the browser for security.
To solve your problem either you will have to allow cors request in your server coding or if you do not have access to the server api code you will have to make the api call from your server to api server
I'm developing a SaaS application, users create account and login in my SaaS system. Then, the SaaS application has a JS code that customers should include this JS code in their websites, and inside the code I need to send a POST Ajax Request to my SaaS domain (it's a cross-domain request).
The problem is that in order to share the credential of logged-in users, I have to set withCredentials property and Access-Control-Allow-Credentials header to true.
I'm not sure whether this is a good approach or not? Maybe I should use another approach like using OAuth or something to share the logged-in users credential...
I will appreciate any advices.
You need to be using JSONP as your type:
$.ajax(
{
type: "POST",
url: "http://test.com/api/getlist.json",
dataType: 'jsonp',
xhrFields: {
withCredentials: true
},
crossDomain: true,
beforeSend: function(xhr) {
xhr.setRequestHeader("Cookie", "session=xxxyyyzzz");
},
success: function(){
alert('success');
},
error: function (xhr) {
alert(xhr.responseText);
}
}
);
To enable cross domain requests with credentials, your server should support CORS. With CORS enabled your client code can add the withCredentials set to true to include cookies in the requests.
Context
I'm trying to get an Access Token from the Flickr API using their their OAuth specification.
The first step to get an Access Token is to obtain a Request Token. I successfully manage to generate a correctly signed and valid URL to request this token: when I copy/paste the generated URL in my browser, I get the correct response.
Problem
As this part doesn't concern the user, I'm trying to get the Request Token by making a simple Ajax call:
console.log(baseURL + "?" + requestURL);
// When I copy/paste the log result in my browser, it works.
$.ajax({
url: baseURL,
type: 'GET',
data: requestURL,
done: function(data) {
console.log('Request Token data', data);
}
});
The problem is that I get an Access-Control-Allow-Origin issue:
XMLHttpRequest cannot load http://www.flickr.com/...
Origin http://localhost:8080 is not allowed by Access-Control-Allow-Origin.
I've tried using dataType: 'jsonp' as a parameter of the Ajax call without any success:
GET http://www.flickr.com/... 401 (Unauthorized)
Any ideas? Thank you very much in advance for your help!
It is not possible to implement Oauth 1.0 through just javascript without any server side script. Since the flickr's new authentication process is based on Oauth 1.0a. You got to use a server-side script.