Fail to add an HTTP header - javascript

I'm trying to produce an HTTP request with an Authorization header:
$.ajax({
type: 'GET',
url: "https://subdomain.domain.com/login",
beforeSend: function (xhr) {
xhr.setRequestHeader ("Authorization", "Basic " + btoa('username' + ":" + 'password'));
}})
But the request that's produced by this code does not contain an Authorization header:
OPTIONS /login HTTP/1.1
Host: subdomain.domain.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Access-Control-Request-Method: GET
Origin: http://localhost:3021
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/12.3.4567.890 Safari/537.36
Access-Control-Request-Headers: authorization
Accept: /
Referer: http://localhost:3021/app.html
Accept-Encoding: gzip, deflate, sdch, br
Accept-Language: en-US,en;q=0.8,he;q=0.6
What am I doing wrong?

This may Solve your Problem.
$.ajax({
type: 'GET',
url: "https://subdomain.domain.com/login",
headers : {
"Authorization" : "Basic " + btoa('username' + ":" + 'password')
}
})

The problem was that I tried to make a cross-domain request do a server that does not allow CORS.
Therefore, the request I saw was a preflight request that used the OPTIONS method. If in this preflight request I had gotten the proper response CORS header, I would see my Authorization header in the real request. But since I did not pass the preflight OPTIONS request, I didn't have a real request, and therefore I didn't see the Authorization header.
I solved it by consuming the API using Node.js rather than the browser.

Related

get method working, but not post - ZapWorks Studio

I'm using zapworks studio to develop an AR experience. It uses Z.ajax to make the ajax calls. I make a GET request and a POST request. I'm also using smileupps to host couchdb(they have free hosting). Here's the CORS configuration:
credentials: false; headers:Accept, Authorization, Content-Type, Origin;
methods: GET,POST,PUT,DELETE,OPTIONS,HEAD; origins: *
Everything works fine when launching ZapWorks Studio on windows. When scanning the zapcode with an android device, however, the post ajax call fails. Only the post. I am using basic authentication. I enforce that only the admin can manage the database on couchdb. I can access the host from both the desktop and the phone from a web browser to do everything manually.
I tried everything I could of to solve the problem: remove authentication, change the CORS configuration...nothing works. I thought it was an issue with CORS but everything works fine on windows and on the mobile just the POST fails...I keep getting a status code of 0.
EDIT - New info, testing on apitester also works on the desktop and mobile.
EDIT - Here's the zpp to show the logic
EDIT - Tried with REST Api Client on my phone and it worked as well. This can only be a CORS issue or something with zapworks. Weird that it works on windows but not on the phone.
EDIT - I found out what the problem is, but not how to fix it. So I set a proxy to debug the requests made from zapworks studio following this tutorial. It seems that it does a preflight request but gets the response
"HTTP/1.1 405 Method Not Allowed"
even though the payload is
{"error":"method_not_allowed","reason":"Only DELETE,GET,HEAD,POST
allowed"}.
Here's the request:
OPTIONS /ranking HTTP/1.1
Host: somehost.com
Connection: keep-alive
Access-Control-Request-Method: POST
Origin: null
User-Agent: Mozilla/5.0 (Linux; Android 8.0.0; SM-G950U1 Build/R16NW; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/67.0.3396.87 Mobile Safari/537.36
Access-Control-Request-Headers: authorization,content-type,x-requested-with
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US
X-Requested-With: com.zappar.Zappar
and the response:
HTTP/1.1 405 Method Not Allowed
Server: CouchDB/1.6.0 (Erlang OTP/R15B01)
Date: Mon, 18 Jun 2018 21:22:12 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 76
Cache-Control: must-revalidate
Allow: DELETE,GET,HEAD,POST
Access-Control-Expose-Headers: Cache-Control, Content-Type, Server
Access-Control-Allow-Origin: null
Connection: keep-alive
{"error":"method_not_allowed","reason":"Only DELETE,GET,HEAD,POST allowed"}
which clearly shows that POST is allowed...
On the windows side, there doesn't seem to be a preflight request for some reason and my guess is that's why it works. Now the question is how do I configure CORS on couchdb to work on android. These are the configurations available:
enable_cors: true
credentials: false
headers:Accept, Authorization, Content-Type, Origin
methods:GET,POST,PUT,DELETE,OPTIONS,HEAD
origins:*
This is the code:
const Open_SansRegular_ttf0 = symbol.nodes.Open_SansRegular_ttf0;
parent.on("ready", () => {
const Plane0 = symbol.nodes.Plane0;
let ajaxParameters : Z.Ajax.Parameters = {
url: "https://something.smileupps.com/test/_all_docs?include_docs=true",
headers: {"Authorization": "Basic my64encoding"},
method: "GET",
timeout: 3000
};
// Perform the AJAX request
Z.ajax(ajaxParameters, (statusCode, data, request) => {checkRequest(statusCode, data);});
ajaxParameters = {
url: "https://something.smileupps.com/test",
headers: {"Content-Type":"application/json", "Authorization": "Basic my64encoding"},
method: "POST",
body: '{"name" : "asdasd", "something": 234}',
timeout: 3000
};
Z.ajax(ajaxParameters, (statusCode, data, request) => {checkRequest(statusCode, data);});
});
function checkRequest(statusCode, data) {
if (statusCode === 0) {
Open_SansRegular_ttf0.text("Unable to connect - check network connection.");
console.log("Unable to connect - check network connection.");
return;
}
if (statusCode < 200 || statusCode >= 300) {
Open_SansRegular_ttf0.text("HTTP request failed: " + statusCode);
console.log("HTTP request failed: " + statusCode);
return;
}
// Attempt to parse the data returned from the AJAX request as JSON
let parsedData;
try {
// https://developer.mozilla.org/en/docs/Web/JavaScript/Reference/Global_Objects/JSON/parse
parsedData = JSON.parse(data);
} catch (e) {
Open_SansRegular_ttf0.text("Unable to parse JSON: " + e);
console.log("Unable to parse JSON: " + e);
return;
}
return parsedData;
}
EDIT
Here's the request on windows
Accept:*/*
Accept-Encoding:gzip, deflate
Accept-Language:en-US
Authorization:Basic mybase64encoding
Connection:keep-alive
Content-Length:37
Content-Type:application/json
Host:http://something.smileupps.com/test
Origin:file://
User-Agent:Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) ZapWorksStudio/4.0.4-stable Chrome/58.0.3029.110 Electron/1.7.9 Safari/537.36
X-DevTools-Request-Id:3680.9
X-Requested-With:XMLHttpRequest
and the response:
Access-Control-Allow-Origin:file://
Access-Control-Expose-Headers:Cache-Control, Content-Type, ETag, Server
Cache-Control:must-revalidate
Content-Length:95
Content-Type:text/plain; charset=utf-8
Date:Mon, 18 Jun 2018 21:36:22 GMT
ETag:"1-512f89feb3d0a88781119e772ec6fd7b"
Location:http://something.smileupps.com/test
Server:CouchDB/1.6.0 (Erlang OTP/R15B01)
No preflight.
Your problem is in the request: Origin: null is usually what you get when the Web page containing the xhr request is opened with the file: rather than the http or https protocol. You won't get any successful CORS request with such an origin.

AJAX POST, why is data sent over URL?

I make an Ajax Post and get the following error:
414 Request-URI Too Large
Why is the data still sent over the URL and not only in the body?
In Chrome is see param1 data in the request URL, query string parameters and in request payload, how to remove it from the URL?
routes = JSON.stringify(routes);
$.ajax({
type: "POST",
url: "http://127.0.0.1:3000/s",
data: {
param1: routes
},
success: function(data) {
$('div.home-products').html(
data);
}
});
This is the full routes object after stringify:
{"0":{"result_api":{"geocoded_waypoints":[{},{}],"routes":[],"status":"ZERO_RESULTS","request":{"origin":{"location":{"lat":-19.9245,"lng":-43.93520000000001}},"destination":{"location":{"lat":40.7127753,"lng":-74.0059728}},"travelMode":"DRIVING"}},"id":54},"1":{"result_api":{"geocoded_waypoints":[{},{}],"routes":[],"status":"ZERO_RESULTS","request":{"origin":{"location":{"lat":52.52,"lng":13.404999999999973}},"destination":{"location":{"lat":40.7127753,"lng":-74.0059728}},"travelMode":"DRIVING"}},"id":53},"2":{"result_api":{"geocoded_waypoints":[{},{}],"routes":[],"status":"ZERO_RESULTS","request":{"origin":{"location":{"lat":44.7866,"lng":20.44889999999998}},"destination":{"location":{"lat":40.7127753,"lng":-74.0059728}},"travelMode":"DRIVING"}},"id":52},"3":{"result_api":{"geocoded_waypoints":[{},{}],"routes":[],"status":"ZERO_RESULTS","request":{"origin":{"location":{"lat":37.9838,"lng":23.727499999999964}},"destination":{"location":{"lat":40.7127753,"lng":-74.0059728}},"travelMode":"DRIVING"}},"id":51},"4":{"result_api":{"geocoded_waypoints":[{},{}],"routes":[],"status":"ZERO_RESULTS","request":{"origin":{"location":{"lat":40.8518,"lng":14.268100000000004}},"destination":{"location":{"lat":40.7127753,"lng":-74.0059728}},"travelMode":"DRIVING"}},"id":50},"5":{"result_api":{"geocoded_waypoints":[{},{}],"routes":[],"status":"ZERO_RESULTS","request":{"origin":{"location":{"lat":48.0527,"lng":12.224500000000035}},"destination":{"location":{"lat":40.7127753,"lng":-74.0059728}},"travelMode":"DRIVING"}},"id":49},"6":{"result_api":{"geocoded_waypoints":[{},{}],"routes":[],"status":"ZERO_RESULTS","request":{"origin":{"location":{"lat":48.8566,"lng":2.3522199999999884}},"destination":{"location":{"lat":40.7127753,"lng":-74.0059728}},"travelMode":"DRIVING"}},"id":48},"7":{"result_api":{"geocoded_waypoints":[{},{}],"routes":[],"status":"ZERO_RESULTS","request":{"origin":{"location":{"lat":51.0504,"lng":13.737300000000005}},"destination":{"location":{"lat":40.7127753,"lng":-74.0059728}},"travelMode":"DRIVING"}},"id":47},"8":{"result_api":{"geocoded_waypoints":[{},{}],"routes":[],"status":"ZERO_RESULTS","request":{"origin":{"location":{"lat":49.7764,"lng":12.091699999999946}},"destination":{"location":{"lat":40.7127753,"lng":-74.0059728}},"travelMode":"DRIVING"}},"id":46},"9":{"result_api":{"geocoded_waypoints":[{},{}],"routes":[],"status":"ZERO_RESULTS","request":{"origin":{"location":{"lat":49.7764,"lng":12.091699999999946}},"destination":{"location":{"lat":40.7127753,"lng":-74.0059728}},"travelMode":"DRIVING"}},"id":44}}
This the Chrome network
Request URL: http://127.0.0.1:3000/en/s?param1=%7B%220%22%3A%7B%22result_api%22%3A%7B%22geocoded_waypoints%22%3A%5B%7B%7D%2C%7B%7D%5D%2C%22routes%22%3A%5B%5D%2C%22status%22%3A%22ZERO_RESULTS%22%2C%22request%22%3A%7B%22origin%22%3A%7B%22location%22%3A%7B%22lat%22%3A-19.9245%2C%22lng%22%3A-43.93520000000001%7D%7D%2C%22destination%22%3A%7B%22location%22%3A%7B%22lat%22%3A40.7127753%2C%22lng%22%3A-74.0059728%7D%7D%2C%22travelMode%22%3A%22DRIVING%22%7D%7D%2C%22id%22%3A54%7D%2C%221%22%3A%7B%22result_api%22%3A%7B%22geocoded_waypoints%22%3A%5B%7B%7D%2C%7B%7D%5D%2C%22routes%22%3A%5B%5D%2C%22status%22%3A%22ZERO_RESULTS%22%2C%22request%22%3A%7B%22origin%22%3A%7B%22location%22%3A%7B%22lat%22%3A52.52%2C%22lng%22%3A13.404999999999973%7D%7D%2C%22destination%22%3A%7B%22location%22%3A%7B%22lat%22%3A40.7127753%2C%22lng%22%3A-74.0059728%7D%7D%2C%22travelMode%22%3A%22DRIVING%22%7D%7D%2C%22id%22%3A53%7D%2C%222%22%3A%7B%22result_api%22%3A%7B%22geocoded_waypoints%22%3A%5B%7B%7D%2C%7B%7D%5D%2C%22routes%22%3A%5B%5D%2C%22status%22%3A%22ZERO_RESULTS%22%2C%22request%22%3A%7B%22origin%22%3A%7B%22location%22%3A%7B%22lat%22%3A44.7866%2C%22lng%22%3A20.44889999999998%7D%7D%2C%22destination%22%3A%7B%22location%22%3A%7B%22lat%22%3A40.7127753%2C%22lng%22%3A-74.0059728%7D%7D%2C%22travelMode%22%3A%22DRIVING%22%7D%7D%2C%22id%22%3A52%7D%2C%223%22%3A%7B%22result_api%22%3A%7B%22geocoded_waypoints%22%3A%5B%7B%7D%2C%7B%7D%5D%2C%22routes%22%3A%5B%5D%2C%22status%22%3A%22ZERO_RESULTS%22%2C%22request%22%3A%7B%22origin%22%3A%7B%22location%22%3A%7B%22lat%22%3A37.9838%2C%22lng%22%3A23.727499999999964%7D%7D%2C%22destination%22%3A%7B%22location%22%3A%7B%22lat%22%3A40.7127753%2C%22lng%22%3A-74.0059728%7D%7D%2C%22travelMode%22%3A%22DRIVING%22%7D%7D%2C%22id%22%3A51%7D%2C%224%22%3A%7B%22result_api%22%3A%7B%22geocoded_waypoints%22%3A%5B%7B%7D%2C%7B%7D%5D%2C%22routes%22%3A%5B%5D%2C%22status%22%3A%22ZERO_RESULTS%22%2C%22request%22%3A%7B%22origin%22%3A%7B%22location%22%3A%7B%22lat%22%3A40.8518%2C%22lng%22%3A14.268100000000004%7D%7D%2C%22destination%22%3A%7B%22location%22%3A%7B%22lat%22%3A40.7127753%2C%22lng%22%3A-74.0059728%7D%7D%2C%22travelMode%22%3A%22DRIVING%22%7D%7D%2C%22id%22%3A50%7D%2C%225%22%3A%7B%22result_api%22%3A%7B%22geocoded_waypoints%22%3A%5B%7B%7D%2C%7B%7D%5D%2C%22routes%22%3A%5B%5D%2C%22status%22%3A%22ZERO_RESULTS%22%2C%22request%22%3A%7B%22origin%22%3A%7B%22location%22%3A%7B%22lat%22%3A48.0527%2C%22lng%22%3A12.224500000000035%7D%7D%2C%22destination%22%3A%7B%22location%22%3A%7B%22lat%22%3A40.7127753%2C%22lng%22%3A-74.0059728%7D%7D%2C%22travelMode%22%3A%22DRIVING%22%7D%7D%2C%22id%22%3A49%7D%2C%226%22%3A%7B%22result_api%22%3A%7B%22geocoded_waypoints%22%3A%5B%7B%7D%2C%7B%7D%5D%2C%22routes%22%3A%5B%5D%2C%22status%22%3A%22ZERO_RESULTS%22%2C%22request%22%3A%7B%22origin%22%3A%7B%22location%22%3A%7B%22lat%22%3A48.8566%2C%22lng%22%3A2.3522199999999884%7D%7D%2C%22destination%22%3A%7B%22location%22%3A%7B%22lat%22%3A40.7127753%2C%22lng%22%3A-74.0059728%7D%7D%2C%22travelMode%22%3A%22DRIVING%22%7D%7D%2C%22id%22%3A48%7D%2C%227%22%3A%7B%22result_api%22%3A%7B%22geocoded_waypoints%22%3A%5B%7B%7D%2C%7B%7D%5D%2C%22routes%22%3A%5B%5D%2C%22status%22%3A%22ZERO_RESULTS%22%2C%22request%22%3A%7B%22origin%22%3A%7B%22location%22%3A%7B%22lat%22%3A51.0504%2C%22lng%22%3A13.737300000000005%7D%7D%2C%22destination%22%3A%7B%22location%22%3A%7B%22lat%22%3A40.7127753%2C%22lng%22%3A-74.0059728%7D%7D%2C%22travelMode%22%3A%22DRIVING%22%7D%7D%2C%22id%22%3A47%7D%2C%228%22%3A%7B%22result_api%22%3A%7B%22geocoded_waypoints%22%3A%5B%7B%7D%2C%7B%7D%5D%2C%22routes%22%3A%5B%5D%2C%22status%22%3A%22ZERO_RESULTS%22%2C%22request%22%3A%7B%22origin%22%3A%7B%22location%22%3A%7B%22lat%22%3A49.7764%2C%22lng%22%3A12.091699999999946%7D%7D%2C%22destination%22%3A%7B%22location%22%3A%7B%22lat%22%3A40.7127753%2C%22lng%22%3A-74.0059728%7D%7D%2C%22travelMode%22%3A%22DRIVING%22%7D%7D%2C%22id%22%3A46%7D%2C%229%22%3A%7B%22result_api%22%3A%7B%22geocoded_waypoints%22%3A%5B%7B%7D%2C%7B%7D%5D%2C%22routes%22%3A%5B%5D%2C%22status%22%3A%22ZERO_RESULTS%22%2C%22request%22%3A%7B%22origin%22%3A%7B%22location%22%3A%7B%22lat%22%3A49.7764%2C%22lng%22%3A12.091699999999946%7D%7D%2C%22destination%22%3A%7B%22location%22%3A%7B%22lat%22%3A40.7127753%2C%22lng%22%3A-74.0059728%7D%7D%2C%22travelMode%22%3A%22DRIVING%22%7D%7D%2C%22id%22%3A44%7D%7D&view=grid
Request Method: POST
Status Code: 414 Request-URI Too Large
Remote Address: 127.0.0.1:3000
Referrer Policy: no-referrer-when-downgrade
Response Headersview source
Connection: close
Content-Length: 331
Content-Type: text/html; charset=ISO-8859-1
Date: Mon, 09 Apr 2018 18:40:48 GMT
Server: WEBrick/1.3.1 (Ruby/2.3.4/2017-03-30)
Request Headersview source
Accept: /
Accept-Encoding: gzip, deflate, br
Accept-Language: de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7,pt-BR;q=0.6,pt;q=0.5
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 4338
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Cookie: _st_session=SkhkUk1HSHhSS1liRXVZbmZBZUcxcE1IZkhVcTNpYkFrWnNWbE5TaFY4b295c0RIVlJMQ09EbFVhQnJvWXA5OW5QeGY4dEhnREpUN09rZUR3eDVOM1UyWWRxcUllN3E2azM2TE0zakttbnZENzRmRU5lWGRHN0ZaNFh6c1MrVzBZd1R1Q1lDeGNGb1Z5M0ZGZ1hncTlUZG9kMnFHdUFuNXg4R01pckR3dHFhYzhtb0l2VW0rWWZwUVV2UGJ1bXQrWE1OVGhDREpTellKV3VKaDVEQnZNQ0FmYkRmL3BoZjVwUG8vNmRucnpuOG9jOUhXUnpWS2dCeC9NUWx0Y2ZNcmtuMDludWhybmxBUTAxNjhPNi95U2c9PS0tV2VqeWNBV3k1d1VrNDBnMEwxa0Z6Zz09--76684486bfaa221829f7d6c7f99d1833550ef865
Host: 127.0.0.1:3000
Origin: http://127.0.0.1:3000
Pragma: no-cache
Referer: http://127.0.0.1:3000/s?view=grid
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36
X-CSRF-Token: rlyweDRRbVWVz+TC3MW+roDh2N9WFoAfAPT5oiC+k6LfCgMx4N4zbpfRP98UUT9H2y55Fzco9pI3MQjkuqkPng==
X-Requested-With: XMLHttpRequest
Query String Parametersview source
view URL encoded
param1: {"0":{"result_api":{"geocoded_waypoints":[{},{}],"routes":[],"status":"ZERO_RESULTS","request":{"origin":{"location":{"lat":-19.9245,"lng":-43.93520000000001}},"destination":{"location":{"lat":40.7127753,"lng":-74.0059728}},"travelMode":"DRIVING"}},"id":54},"1":{"result_api":{"geocoded_waypoints":[{},{}],"routes":[],"status":"ZERO_RESULTS","request":{"origin":{"location":{"lat":52.52,"lng":13.404999999999973}},"destination":{"location":{"lat":40.7127753,"lng":-74.0059728}},"travelMode":"DRIVING"}},"id":53},"2":{"result_api":{"geocoded_waypoints":[{},{}],"routes":[],"status":"ZERO_RESULTS","request":{"origin":{"location":{"lat":44.7866,"lng":20.44889999999998}},"destination":{"location":{"lat":40.7127753,"lng":-74.0059728}},"travelMode":"DRIVING"}},"id":52},"3":{"result_api":{"geocoded_waypoints":[{},{}],"routes":[],"status":"ZERO_RESULTS","request":{"origin":{"location":{"lat":37.9838,"lng":23.727499999999964}},"destination":{"location":{"lat":40.7127753,"lng":-74.0059728}},"travelMode":"DRIVING"}},"id":51},"4":{"result_api":{"geocoded_waypoints":[{},{}],"routes":[],"status":"ZERO_RESULTS","request":{"origin":{"location":{"lat":40.8518,"lng":14.268100000000004}},"destination":{"location":{"lat":40.7127753,"lng":-74.0059728}},"travelMode":"DRIVING"}},"id":50},"5":{"result_api":{"geocoded_waypoints":[{},{}],"routes":[],"status":"ZERO_RESULTS","request":{"origin":{"location":{"lat":48.0527,"lng":12.224500000000035}},"destination":{"location":{"lat":40.7127753,"lng":-74.0059728}},"travelMode":"DRIVING"}},"id":49},"6":{"result_api":{"geocoded_waypoints":[{},{}],"routes":[],"status":"ZERO_RESULTS","request":{"origin":{"location":{"lat":48.8566,"lng":2.3522199999999884}},"destination":{"location":{"lat":40.7127753,"lng":-74.0059728}},"travelMode":"DRIVING"}},"id":48},"7":{"result_api":{"geocoded_waypoints":[{},{}],"routes":[],"status":"ZERO_RESULTS","request":{"origin":{"location":{"lat":51.0504,"lng":13.737300000000005}},"destination":{"location":{"lat":40.7127753,"lng":-74.0059728}},"travelMode":"DRIVING"}},"id":47},"8":{"result_api":{"geocoded_waypoints":[{},{}],"routes":[],"status":"ZERO_RESULTS","request":{"origin":{"location":{"lat":49.7764,"lng":12.091699999999946}},"destination":{"location":{"lat":40.7127753,"lng":-74.0059728}},"travelMode":"DRIVING"}},"id":46},"9":{"result_api":{"geocoded_waypoints":[{},{}],"routes":[],"status":"ZERO_RESULTS","request":{"origin":{"location":{"lat":49.7764,"lng":12.091699999999946}},"destination":{"location":{"lat":40.7127753,"lng":-74.0059728}},"travelMode":"DRIVING"}},"id":44}}
view: grid
Form Dataview source
view URL encoded
param1: {"0":{"result_api":{"geocoded_waypoints":[{},{}],"routes":[],"status":"ZERO_RESULTS","request":{"origin":{"location":{"lat":-19.9245,"lng":-43.93520000000001}},"destination":{"location":{"lat":40.7127753,"lng":-74.0059728}},"travelMode":"DRIVING"}},"id":54},"1":{"result_api":{"geocoded_waypoints":[{},{}],"routes":[],"status":"ZERO_RESULTS","request":{"origin":{"location":{"lat":52.52,"lng":13.404999999999973}},"destination":{"location":{"lat":40.7127753,"lng":-74.0059728}},"travelMode":"DRIVING"}},"id":53},"2":{"result_api":{"geocoded_waypoints":[{},{}],"routes":[],"status":"ZERO_RESULTS","request":{"origin":{"location":{"lat":44.7866,"lng":20.44889999999998}},"destination":{"location":{"lat":40.7127753,"lng":-74.0059728}},"travelMode":"DRIVING"}},"id":52},"3":{"result_api":{"geocoded_waypoints":[{},{}],"routes":[],"status":"ZERO_RESULTS","request":{"origin":{"location":{"lat":37.9838,"lng":23.727499999999964}},"destination":{"location":{"lat":40.7127753,"lng":-74.0059728}},"travelMode":"DRIVING"}},"id":51},"4":{"result_api":{"geocoded_waypoints":[{},{}],"routes":[],"status":"ZERO_RESULTS","request":{"origin":{"location":{"lat":40.8518,"lng":14.268100000000004}},"destination":{"location":{"lat":40.7127753,"lng":-74.0059728}},"travelMode":"DRIVING"}},"id":50},"5":{"result_api":{"geocoded_waypoints":[{},{}],"routes":[],"status":"ZERO_RESULTS","request":{"origin":{"location":{"lat":48.0527,"lng":12.224500000000035}},"destination":{"location":{"lat":40.7127753,"lng":-74.0059728}},"travelMode":"DRIVING"}},"id":49},"6":{"result_api":{"geocoded_waypoints":[{},{}],"routes":[],"status":"ZERO_RESULTS","request":{"origin":{"location":{"lat":48.8566,"lng":2.3522199999999884}},"destination":{"location":{"lat":40.7127753,"lng":-74.0059728}},"travelMode":"DRIVING"}},"id":48},"7":{"result_api":{"geocoded_waypoints":[{},{}],"routes":[],"status":"ZERO_RESULTS","request":{"origin":{"location":{"lat":51.0504,"lng":13.737300000000005}},"destination":{"location":{"lat":40.7127753,"lng":-74.0059728}},"travelMode":"DRIVING"}},"id":47},"8":{"result_api":{"geocoded_waypoints":[{},{}],"routes":[],"status":"ZERO_RESULTS","request":{"origin":{"location":{"lat":49.7764,"lng":12.091699999999946}},"destination":{"location":{"lat":40.7127753,"lng":-74.0059728}},"travelMode":"DRIVING"}},"id":46},"9":{"result_api":{"geocoded_waypoints":[{},{}],"routes":[],"status":"ZERO_RESULTS","request":{"origin":{"location":{"lat":49.7764,"lng":12.091699999999946}},"destination":{"location":{"lat":40.7127753,"lng":-74.0059728}},"travelMode":"DRIVING"}},"id":44}}
view: grid
This is just a wild guess, but see if this helps:
url: window.location.href.replace(/\?.*$/, ''),
You definitely don't need to be passing along the get parameters that are in your href value, and this will strip them off. Perhaps the presence of any get parameters, even if it's just view-grid causes ajax to send your POST parameters as query parameters as well.
It turned out to be the missing contentType: "json", option.

Angularjs set custom header parameters

In angularjs i must set a custom header for a POST
So i make:
var config = { 'Content-Type': 'application/x-www-form-urlencoded', 'TenantCode': 'MYTENANT', 'LoginType': 'PASSW' };
So i execute the post
$http.post(urlBase + '/Token', data, config)
Anyway when i inspect the request i have
OPTIONS /Token HTTP/1.1
Host: test.strokein.it
Connection: keep-alive
Access-Control-Request-Method: POST
Origin: http://localhost:54599
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML,like Gecko) Chrome/46.0.2490.86 Safari/537.36
Access-Control-Request-Headers: accept, content-type
Accept: */*
Referer: http://localhost:54599/index.html
Accept-Encoding: gzip, deflate, sdch
Accept-Language: it-IT,it;q=0.8,en-US;q=0.6,en;q=0.4
and i don't see my header parameter
Why? What's the problem?
I think your config needs to look something like this:
var config = {
headers : {
'Content-Type': 'application/x-www-form-urlencoded',
'TenantCode': 'MYTENANT',
'LoginType': 'PASSW'
}
};
Looking at this specification of config.
That is your preflight request.
You have a CORS problem because you are testing from localhost to test.strokein.it
Easy fix would be you upload your test script to your server.
But in general, browser will send one more request after it gets an OK CORS response from your server i.e.
'Access-Control-Allow-Origin' : '*'
'Access-Control-Allow-Methods': 'GET, OPTIONS, PUT'
'Access-Control-Allow-Headers': 'Content-Type'
Then you should see your custom headers along with data on that POST request.
Read more here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS

Sending OAuth access token in Jquery Ajax request

Following documentation i put together this simple request. Every time i run this request i still get a 401 Authorization Required. I know the access token is fine because i use the same token using get to populate my models and it works fine it's only when i use post and place my token in the request headers.
Anyone else had this issue before?
jQuery.ajax( {
url: 'http://customer-server-2.dev/api/documents/add/.json',
type: 'POST',
data : {
guid : $('.guid-input').val(),
title : $('.title-input').val(),
payload : $('.payload-input').val()
},
beforeSend : function( xhr ) {
xhr.setRequestHeader( 'Authorization', 'BEARER ' + app.AccessToken );
},
success: function( response ) {
console.log(response);
},
error : function(error) {
console.log(error);
}
} );
response header
HTTP/1.1 401 Authorization Required
Date: Wed, 08 Apr 2015 12:20:28 GMT
Server: Apache/2.2.26 (Unix) mod_fastcgi/2.4.6 mod_wsgi/3.4 Python/2.7.6
PHP/5.5.10 mod_ssl/2.2.26 OpenSSL/0.9.8za DAV/2 mod_perl/2.0.8 Perl/v5.18.2
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS, PATCH, DELETE
Access-Control-Allow-Headers: X-Accept-Charset,X-Accept,Content-Type, x-xsrf-token, Authorization
X-Powered-By: PHP/5.5.10
WWW-Authenticate: Bearer realm="Service", error="invalid_request", error_description="The access token was not found."
Content-Length: 81
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html
request header
OPTIONS /api/documents/add/.json HTTP/1.1
Host: customer-server-2.dev
Connection: keep-alive
Access-Control-Request-Method: POST
Origin: http://test-client-app.dev
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2354.0 Safari/537.36
Access-Control-Request-Headers: accept, authorization
Accept: /
Referer: http://test-client-app.dev/index.html
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8

jQuery - ajax - post - json request - doesn't have post body in some URL

I've been stuck at this for a while now. I have ajax request here:
$.ajax({
url: UPDATE_USER_INFO_URL ,
type: "POST",
dataType: "json",
contentType: "application/json",
data: JSON.stringify({user:'user'}),
success: function (data, textStatus) {
if(data["statusCode"] && data["statusCode"] == 1) {
_callback(1,data);
}
else {
_callback(0,data);
}
},
error: function (jqXHR, textStatus){
_callback(0, {});
}
});
If I set UPDATE_USER_INFO_URL to a specific URL, fiddler show nothing in the body. If I set UPDATE_USER_INFO_URL to something else (even invalid URL), it does put {user:'user'} in the body in fiddler.
With original UPDATE_USER_INFO_URL:
POST http://10.35.50.26:8080/SelfServiceWs/user/session/upduserinfo HTTP/1.1
Accept: application/json, text/javascript, ; q=0.01
Content-Type: application/json
X-Requested-With: XMLHttpRequest
Referer: http://10.35.50.26:8080/SelfService/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Host: 10.35.50.26:8080
Connection: Keep-Alive
Pragma: no-cache
Cookie: JSESSIONID=0BF9D9CCCE9030E60AB0BCE5F6562CD8
Authorization: Negotiate TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbAdAAAADw==
Content-Length: 0
Chage url to /SelfServiceWs/abcdef
POST http://10.35.50.26:8080/SelfServiceWs/abcdef HTTP/1.1
Accept: application/json, text/javascript; q=0.01
Content-Type: application/json
X-Requested-With: XMLHttpRequest
Referer: http://10.35.50.26:8080/SelfService/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Host: 10.35.50.26:8080
Content-Length: 15
Connection: Keep-Alive
Pragma: no-cache
Cookie: JSESSIONID=9E79779805579A7964E03AAD76DF043B
{"user":"user"}
I have many other ajax calls, all are working as expected.
It must be little thing that I am missing.
I figured this out.
I have an authentication servlet filter to url /user/ssoauth, unexpectedly (to me), it made eveything call to URL under /user path (including /user/session/upduserinfo) to send out Authorization header. Moved filter to /user/auth/ssoauth stop client to send authorization header when calling user/session/upduserinfo and fix the problem.
<filter-mapping>
<filter-name>SecurityFilter</filter-name>
<url-pattern>/user/ssoauth</url-pattern>
</filter-mapping>
cause every client call to URL after /user to send Authorization header.
I learned something new today!
try this
data: JSON.stringify({'user':'user'}),

Categories

Resources