I need to call an Office 365 REST API from my own application.
When I copy and paste the url on the same browser session, I can see some XML.
If I paste that URL into an incognito window I get this error:
The custom error module does not recognize this error.
I am trying to make an API call to get that response from my application. When checking with developer tools how they call the service, I can see this:
As you can see the API call has some request headers.
Google Chrome has the functionality to copy that as a cURL request.
And this works for me:
curl "https://portal.office.com/api/myapps/GetAllApps" -H "AjaxSessionKey: wEAjKvw1WCmLD27I2TGqAuga25rq5HdKrdEOCOTXhfX4k6H3U/AQru+hPWfWSMX0hhQ++OFkm/FvKN+Z1moC1Q=="
-H "Accept-Encoding: gzip, deflate, sdch, br" -H "X-SuiteServiceProxyOrigin: https://outlook.office365.com" -H "Accept-Language: en-US,en;q=0.8" -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36" -H "Content-Type: application/json;charset=UTF-8" -H "Accept: application/json" -H "Referer: https://portal.office.com/SuiteServiceProxy.aspx?upn=luis.valencia"%"40softwareestrategico.com&suiteServiceReturnUrl=https"%"3A"%"2F"%"2Foutlook.office365.com"%"2Fowa"%"2F&returnUrl=https"%"3A"%"2F"%"2Foutlook.office365.com"%"2Fowa"%"2F"
-H "Cookie: s.SessID=6bcb4983-767b-41b4-8bc9-03d5df23fab7; p.CachedJSFiles=16.00.1449.010:0x27F042160xD2810E3C0xF5EAFC860xA82B20870x58AB93C50x469628490xA2E1E0750xD5297DF50x63CBC2C30xF07895570x76AC56DF0xF515B60E0x052D52250xE77D86F40xD6CD36BB0xF5394BE50x0CA8EA080x810AC8B70xFFDEDE890x59EBF4680x117A18140xFCB544560x2E5289740x883529F50xA732E006; p.CachedCSSFiles=16.00.1449.010:0xAFCABDD50x7704885F0x1EC8288A0x2A2173270x7A142B580x630DEBB30x146543E00x49F2D68A0x9EA9D3370x8ED766C20xFD9BA3040xF4175814; p.UnAuthUserCookie=bb7622b1-75ba-49fe-ae48-feb7c77acba6; s.RPSClearCT=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; s.AjaxSessionKey=wEAjKvw1WCmLD27I2TGqAuga25rq5HdKrdEOCOTXhfX4k6H3U/AQru+hPWfWSMX0hhQ++OFkm/FvKN+Z1moC1Q==; s.userid=10037FFE9574B4FF; s.LoginUserTenantId=YSFQ8kyfSxMbyHdGGe3qeVi0Uug+6O1jT+ZVn5rXNvX9QvrR6VUpwYwG9HCZUaeyPZwzHuW/1zGwV179588ts2OVGQvmAo5Fvs07lM8ARoKOgyg7UxVdhvVsWU8cDWHiP4Is7P9PdSBPPoDQFjRTpg==; p.FirstLoginDateTimeUtc=id=-1406574579&value=Jan_27_2016; MUID=0F3BE9304DCA6D792017E0994C5A6C86; p.TenantCulture=f5b4bce5-06f0-4035-861f-ddea6d55a5e9::es-CO; s.TagCacheKey=fMdZZLwxq70P5SVbV794Vbf/Nb6nrvfWN+sIz3KSTqCAUfDP6dbCYDg6kiwPPZmjo0A8m48rtqF1Ir450dSxl9Y/qWu+a5gYRmTOZh0kXi8bndA40br4f+YO2xmVdZ3SpkSjwknoddE1meso8NTWvi/lL5+oKy5UOMB4B/YPRkunc7y6z0LWzq+xHgorBWo+ccL4JRzeTdThlxVDd23IcPO/w4O9+O51AHtw3qkZ7kvBiCZcooMX46yGP0SMnsZ0qjg8cv0o01w15/X7rdLQTTut7idyAsvhGsdlOLY8ghE=; s.BecContext=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; s.LoginContext=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"
-H "Connection: keep-alive" --compressed
I can see some response as below:
Now I am trying to do the same with $.ajax:
$.ajax({
url: 'https://portal.office.com/api/myapps/GetAllApps',
type: 'GET',
dataType: 'json',
data: {
format: 'json'
},
beforeSend: function (xhr) {
xhr.setRequestHeader('Accept', 'application/json');
xhr.setRequestHeader('Accept-Encoding', 'gzip, deflate, sdch, br');
xhr.setRequestHeader('Accept-Language', 'en-US,en;q=0.8');
xhr.setRequestHeader('AjaxSessionKey', 'wEAjKvw1WCmLD27I2TGqAuga25rq5HdKrdEOCOTXhfX4k6H3U/AQru+hPWfWSMX0hhQ++OFkm/FvKN+Z1moC1Q==');
xhr.setRequestHeader('Connection', 'keep-alive');
xhr.setRequestHeader('Content-Type', 'application/json;charset=UTF-8');
xhr.setRequestHeader('Cookie', 's.SessID=6bcb4983-767b-41b4-8bc9-03d5df23fab7; p.CachedJSFiles=16.00.1449.010:0x27F042160xD2810E3C0xF5EAFC860xA82B20870x58AB93C50x469628490xA2E1E0750xD5297DF50x63CBC2C30xF07895570x76AC56DF0xF515B60E0x052D52250xE77D86F40xD6CD36BB0xF5394BE50x0CA8EA080x810AC8B70xFFDEDE890x59EBF4680x117A18140xFCB544560x2E5289740x883529F50xA732E006; p.CachedCSSFiles=16.00.1449.010:0xAFCABDD50x7704885F0x1EC8288A0x2A2173270x7A142B580x630DEBB30x146543E00x49F2D68A0x9EA9D3370x8ED766C20xFD9BA3040xF4175814; p.UnAuthUserCookie=bb7622b1-75ba-49fe-ae48-feb7c77acba6; s.RPSClearCT=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; s.AjaxSessionKey=wEAjKvw1WCmLD27I2TGqAuga25rq5HdKrdEOCOTXhfX4k6H3U/AQru+hPWfWSMX0hhQ++OFkm/FvKN+Z1moC1Q==; s.userid=10037FFE9574B4FF; s.LoginUserTenantId=YSFQ8kyfSxMbyHdGGe3qeVi0Uug+6O1jT+ZVn5rXNvX9QvrR6VUpwYwG9HCZUaeyPZwzHuW/1zGwV179588ts2OVGQvmAo5Fvs07lM8ARoKOgyg7UxVdhvVsWU8cDWHiP4Is7P9PdSBPPoDQFjRTpg==; p.FirstLoginDateTimeUtc=id=-1406574579&value=Jan_27_2016; MUID=0F3BE9304DCA6D792017E0994C5A6C86; s.TagCacheKey=Tyo3H5iedT2v3VBQUIPR8X17RI2TPN7NbZ57l5cTNIu2XneEraxvGuohA6b+30tBn15x7XkXLKyjJjJSI7EX5f19nlvrpYcdHo8vRgCFjNVRaXFOqX5tjfVQ+3egiYh6xiKFxRK5RikgIhi+qHdUCgAAh3ubFGhsHdrqp4C9Z2vuKxNGGEIbytPAVslISKTRjlt8LrsaG0P8oqKIrLRgR0vFjbL3XZD5OV+38GpP+deHvLAJBc62HMpOrjqGcQF8FXZK9jRcAJrIgelXogXnINvqvmUTDHyn/l9JQTDoOUc=; p.TenantCulture=f5b4bce5-06f0-4035-861f-ddea6d55a5e9::es-CO; s.LoginContext=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; 
s.BecContext=AAAAAQAAAAAEEGiA2yjQd8hDt7bHKBd5pSsGCWCGSAFlAwQCAQYJYIZIAWUDBAIBBglghkgBZQMEAQIEIIimBSyEKl7CJv/2+fJ7kQWgf8ZFrE2rS5N4Q883AYGcBBDHkGvCyq58OtBctX3PiAbrIIIBsHHMMgDeIEwWcwFehoQJuPt6f1UvdJmidNryc/XXmTeGBKJn733KDzNXKjNmoREt/e59CGXSjpA97aD7b5Sjbjo9ubQ3gnFfykEZ5hePlMrbYgzNtMnRDpQ7UKIevkGU8K+REqUJPZqE4tcyi7gdnNXy/RlWfeaSGerL/6rZIm8OxTmtnIGCm7Hiw5CqLZ1PgCJuRDegh2VPJtI3s37pQC8o+81f02LOxQ2x/zV0BFH5dG9mLOGBomCEE5dgvMpjaE46mjK8jO9Z8JWzILVFS6H/ZxnW2ua9XJauMcgJrNjSTg6M+4ZEKbabDi0ACSdDTdekDJxN2edO0V4sLxNlTm7yyQJ1JLbcNlJWBJdrRS7GpXgl9n0byI/6GBDzTPHluqpQjirJ+2sFT7Y9ksetXDCE4VZTG6szx8igi1rc5vzyxWdfsc3rovUKMMNJM0aIXArMXYDN85C8K61X9gq+1iArr5fWGch+VwsVYWdXZANgYZDrnqknVLEJAbkd2Lrkd98kCMZluDWgH7ZDPN5lOxe7yRuFb+7vCmJXZMdgjiiPwuu1aZk8vXFNQNpxwJ8aTQ==');
xhr.setRequestHeader('X-KGP-DEVTYPE', 'xxx');
xhr.setRequestHeader('Host', 'portal.office.com');
xhr.setRequestHeader('Referer', 'https://portal.office.com/SuiteServiceProxy.aspx?upn=luis.valencia%40softwareestrategico.com&suiteServiceReturnUrl=https%3A%2F%2Foutlook.office365.com%2Fowa%2F%3Frealm%3Dsoftwareestrategico.com%26exsvurl%3D1%26ll-cc%3D1033%26modurl%3D0&returnUrl=https%3A%2F%2Foutlook.office365.com%2Fowa%2F%3Frealm%3Dsoftwareestrategico.com%26exsvurl%3D1%26ll-cc%3D1033%26modurl%3D0');
xhr.setRequestHeader('User-Agent', 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36');
xhr.setRequestHeader('X-SuiteServiceProxyOrigin', 'https://outlook.office365.com');
},
success: function (data) {
alert(data);
},
error: function (xhr, status, error) {
// Parse the error body as JSON instead of passing server-supplied text to eval()
var err = JSON.parse(xhr.responseText);
alert(err.Message);
},
complete: function (data) {
alert(data);
},
});
But I always get this error:
What am I missing in this code, to be able to call the service just as CURL and return me the response I need?
To answer your title question: just use the headers setting for $.ajax. For instance:
$.ajax({
    url: 'https://portal.office.com/api/myapps/GetAllApps',
    type: 'GET',
    headers: {
        'Accept': 'application/json',
        'Accept-Encoding': 'gzip, deflate, sdch, br',...
    }
});
But I don't think that the error is caused by missing headers. You should explain the error better; if it is related to the same-origin policy, you should take a look at these links: Working With and Around the Same-Origin Policy and Cross-Domain requests in Javascript.
I think you need to provide further information about this error, but my first guess would be that the host has no 'Access-Control-Allow-Origin' enabled, and that's why you can do it from the console.
You can try running Chrome with --insecure or just install the allow-control-origin plugin.
Can you try adding
dataType: 'jsonp',
crossDomain: true,
More information needs to be presented to confirm this, but jonystorm is most likely right. Browsers follow the same-origin policy. This means that all requests must be made with the same protocol, host, and port to succeed. The exception to this is if the requested server includes an Access-Control-Allow-Origin header. This header allows the server to explicitly list the other hosts that can make requests to it. You can read more about this on MDN.
My guess is that, although you're setting the cookie, your browser is not sending it with the request because it is not "credentialed". You should set it to use credentials with:
(...)
beforeSend: function (xhr) {
xhr.withCredentials = true; //Include this line
xhr.setRequestHeader('Accept', 'application/json');
(...)
The only issue is that this may not solve your problem entirely. When doing CORS requests, your browser looks for the response header Access-Control-Allow-Origin; if it does not match the exact host your page is hosted on, the browser refuses to serve the answer to your page script, even if the server returns the result with status code 200 OK.
My guess is that the Office 365 API wouldn't return this header with your exact host for security purposes. If it is for your local/development use only, you can always run Chrome with the Same Origin policy disabled. This should circumvent the issue of having the browser refuse to serve your page the AJAX results.
I think the API requires authentication before API calls. You should consider JS API code samples instead of using curl-type headers with jQuery.
Try
1) https://www.itunity.com/article/calling-office-365-apis-jquery-adaljs-2758
2) http://paulryan.com.au/2015/unified-api-adal/
Or view the Office 365 API documentation for JavaScript (if provided by Microsoft).
Related
I am trying to GET data with my client vueJS on port 8080 from the REST API on port 3000. This is resulting in a CORS error. A POST is working fine. To fix this I tried to create a proxy as described here https://medium.com/js-dojo/how-to-deal-with-cors-error-on-vue-cli-3-d78c024ce8d3.
//vue.config.js
module.exports = {
    devServer: {
        proxy: {
            '/teams': {
                target: 'http://192.168.70.54:3000',
                ws: true,
                changeOrigin: true,
                secure: false
            }
        }
    }
}
I want to redirect my traffic to the 3000 port.
//rest.js
function getTeams() {
    var returnVal;
    axios({
        method: 'get',
        url: REST_API + '/teams',
        responseType: 'json'
    })
    .then(function (response) {
        console.log(response.data); //Is what I want to return
        returnVal = response.data;
    });
    console.log(returnVal); //Is undefined
    return returnVal.data;
}
I am printing response.data to the console but my returnVal is always undefined. What am I missing?
This is my network log in the browser.
General:
Request URL: http://localhost:8080/teams
Request Method: GET
Status Code: 200 OK
Remote Address: 127.0.0.1:8080
Response Headers:
Referrer Policy: no-referrer-when-downgrade
access-control-allow-header: Origin, X-Request-With, Content-Type, Accept
access-control-allow-methods: GET, POST
access-control-allow-origin: *
connection: close
content-length: 1070
content-type: application/json
Date: Tue, 17 Dec 2019 18:57:14 GMT
Request Headers:
X-Powered-By: Express
Accept: application/json, text/plain, */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Connection: keep-alive
Host: localhost:8080
Referer: http://localhost:8080/setup
User-Agent: Mozilla/5.0 (X11; Linux armv7l) AppleWebKit/537.36 (KHTML, like Gecko) Raspbian Chromium/74.0.3729.157 Chrome/74.0.3729.157 Safari/537.36
There's a lot going on in this question.
Firstly, let's focus on this bit:
function getTeams() {
    var returnVal;
    axios({
        method: 'get',
        url: REST_API + '/teams',
        responseType: 'json'
    })
    .then(function (response) {
        console.log(response.data); //Is what I want to return
        returnVal = response.data;
    });
    console.log(returnVal); //Is undefined
    return returnVal.data;
}
The first log line is logging the correct value but the second log line is undefined.
This is to be expected. It has nothing to do with CORS or proxying.
The problem is that the axios request is asynchronous, so the then callback won't be called until some point in the future. By that point the function will have returned. You should find that the log lines are being logged in the 'wrong' order for the same reason.
You can't return an asynchronously retrieved value synchronously from a function. Using async/await may make it look like you can but even that is a fudge, hiding the underlying promises.
You have two options:
1) Return a promise from getTeams. That kicks the problem of waiting up to the calling code.
2) If you are inside a component you can set a data property inside the then callback. This is instead of returning a value.
Then we have the other parts of your question.
It would seem that you have successfully managed to configure a proxy. Difficult to be sure but from everything you've included in the question that seems to be working correctly. You wouldn't be getting the correct data in your console logging if the proxy wasn't working.
However, there are a lot of CORS headers in your response. If you're using a proxy then you don't need the CORS headers. A proxy is an alternative to CORS, you don't use both.
As for why your CORS request was failing prior to using a proxy, it's difficult to say from the information provided in the question.
I'm using ZapWorks Studio to develop an AR experience. It uses Z.ajax to make the ajax calls. I make a GET request and a POST request. I'm also using smileupps to host CouchDB (they have free hosting). Here's the CORS configuration:
credentials: false; headers:Accept, Authorization, Content-Type, Origin;
methods: GET,POST,PUT,DELETE,OPTIONS,HEAD; origins: *
Everything works fine when launching ZapWorks Studio on Windows. When scanning the zapcode with an Android device, however, the POST ajax call fails. Only the POST. I am using basic authentication. I enforce that only the admin can manage the database on CouchDB. I can access the host from both the desktop and the phone from a web browser to do everything manually.
I tried everything I could think of to solve the problem: remove authentication, change the CORS configuration... nothing works. I thought it was an issue with CORS, but everything works fine on Windows and on the mobile just the POST fails... I keep getting a status code of 0.
EDIT - New info, testing on apitester also works on the desktop and mobile.
EDIT - Here's the zpp to show the logic
EDIT - Tried with REST Api Client on my phone and it worked as well. This can only be a CORS issue or something with ZapWorks. Weird that it works on Windows but not on the phone.
EDIT - I found out what the problem is, but not how to fix it. So I set a proxy to debug the requests made from zapworks studio following this tutorial. It seems that it does a preflight request but gets the response
"HTTP/1.1 405 Method Not Allowed"
even though the payload is
{"error":"method_not_allowed","reason":"Only DELETE,GET,HEAD,POST allowed"}.
Here's the request:
OPTIONS /ranking HTTP/1.1
Host: somehost.com
Connection: keep-alive
Access-Control-Request-Method: POST
Origin: null
User-Agent: Mozilla/5.0 (Linux; Android 8.0.0; SM-G950U1 Build/R16NW; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/67.0.3396.87 Mobile Safari/537.36
Access-Control-Request-Headers: authorization,content-type,x-requested-with
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US
X-Requested-With: com.zappar.Zappar
and the response:
HTTP/1.1 405 Method Not Allowed
Server: CouchDB/1.6.0 (Erlang OTP/R15B01)
Date: Mon, 18 Jun 2018 21:22:12 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 76
Cache-Control: must-revalidate
Allow: DELETE,GET,HEAD,POST
Access-Control-Expose-Headers: Cache-Control, Content-Type, Server
Access-Control-Allow-Origin: null
Connection: keep-alive
{"error":"method_not_allowed","reason":"Only DELETE,GET,HEAD,POST allowed"}
which clearly shows that POST is allowed...
On the Windows side, there doesn't seem to be a preflight request for some reason and my guess is that's why it works. Now the question is how do I configure CORS on CouchDB to work on Android. These are the configurations available:
enable_cors: true
credentials: false
headers:Accept, Authorization, Content-Type, Origin
methods:GET,POST,PUT,DELETE,OPTIONS,HEAD
origins:*
This is the code:
const Open_SansRegular_ttf0 = symbol.nodes.Open_SansRegular_ttf0;
parent.on("ready", () => {
    const Plane0 = symbol.nodes.Plane0;
    let ajaxParameters : Z.Ajax.Parameters = {
        url: "https://something.smileupps.com/test/_all_docs?include_docs=true",
        headers: {"Authorization": "Basic my64encoding"},
        method: "GET",
        timeout: 3000
    };
    // Perform the AJAX request
    Z.ajax(ajaxParameters, (statusCode, data, request) => {checkRequest(statusCode, data);});
    ajaxParameters = {
        url: "https://something.smileupps.com/test",
        headers: {"Content-Type":"application/json", "Authorization": "Basic my64encoding"},
        method: "POST",
        body: '{"name" : "asdasd", "something": 234}',
        timeout: 3000
    };
    Z.ajax(ajaxParameters, (statusCode, data, request) => {checkRequest(statusCode, data);});
});
function checkRequest(statusCode, data) {
    if (statusCode === 0) {
        Open_SansRegular_ttf0.text("Unable to connect - check network connection.");
        console.log("Unable to connect - check network connection.");
        return;
    }
    if (statusCode < 200 || statusCode >= 300) {
        Open_SansRegular_ttf0.text("HTTP request failed: " + statusCode);
        console.log("HTTP request failed: " + statusCode);
        return;
    }
    // Attempt to parse the data returned from the AJAX request as JSON
    let parsedData;
    try {
        // https://developer.mozilla.org/en/docs/Web/JavaScript/Reference/Global_Objects/JSON/parse
        parsedData = JSON.parse(data);
    } catch (e) {
        Open_SansRegular_ttf0.text("Unable to parse JSON: " + e);
        console.log("Unable to parse JSON: " + e);
        return;
    }
    return parsedData;
}
EDIT
Here's the request on Windows
Accept:*/*
Accept-Encoding:gzip, deflate
Accept-Language:en-US
Authorization:Basic mybase64encoding
Connection:keep-alive
Content-Length:37
Content-Type:application/json
Host:http://something.smileupps.com/test
Origin:file://
User-Agent:Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) ZapWorksStudio/4.0.4-stable Chrome/58.0.3029.110 Electron/1.7.9 Safari/537.36
X-DevTools-Request-Id:3680.9
X-Requested-With:XMLHttpRequest
and the response:
Access-Control-Allow-Origin:file://
Access-Control-Expose-Headers:Cache-Control, Content-Type, ETag, Server
Cache-Control:must-revalidate
Content-Length:95
Content-Type:text/plain; charset=utf-8
Date:Mon, 18 Jun 2018 21:36:22 GMT
ETag:"1-512f89feb3d0a88781119e772ec6fd7b"
Location:http://something.smileupps.com/test
Server:CouchDB/1.6.0 (Erlang OTP/R15B01)
No preflight.
Your problem is in the request: Origin: null is usually what you get when the Web page containing the xhr request is opened with the file: rather than the http or https protocol. You won't get any successful CORS request with such an origin.
I'm working on making an AJAX call that hit the Mailgun API to send email. Documentation on Mailgun says that post requests should be made to "https://api.mailgun.net/v3/domain.com/messages". I've included my api key as specified by mailgun (they instruct to use a username of 'api'). Since this involves CORS, I can't get past the error: Request header field Authorization is not allowed by Access-Control-Allow-Headers.
However, I've inspected the requests/responses in the Network tab and "Access-Control-Allow-Origin" in the response from Mailgun is set to "*"...which should indicate that it should allow it? (See request/response below): I've edited the actual domain and my API key.
Remote Address:104.130.177.23:443
Request URL:https://api.mailgun.net/v3/domain.com/messages
Request Method:OPTIONS
Status Code:200 OK
Request Headers
Accept:*/*
Accept-Encoding:gzip, deflate, sdch
Accept-Language:en-US,en;q=0.8
Access-Control-Request-Headers:accept, authorization
Access-Control-Request-Method:POST
Connection:keep-alive
Host:api.mailgun.net
Origin:null
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.115 Safari/537.36
Response Headers
Access-Control-Allow-Headers:Content-Type, x-requested-with
Access-Control-Allow-Methods:GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Origin:*
Access-Control-Max-Age:600
Allow:POST, OPTIONS
Connection:keep-alive
Content-Length:0
Content-Type:text/html; charset=utf-8
Date:Fri, 20 Mar 2015 19:47:29 GMT
Server:nginx/1.7.9
My code for the ajax call is below, in which I include my credentials in the headers and the domain to where the post is supposed to go. Not sure what's causing this not to work. Is it because I'm testing on local host? I didn't think that would make a difference since the "Access Control Allow Origin:*" in the response header. Any help would be greatly appreciated! Thank you.
function initiateConfirmationEmail(formObj){
    var mailgunURL;
    mailgunURL = "https://api.mailgun.net/v3/domain.com/messages";
    // Basic auth credential: user 'api' plus the API key, base64-encoded (sent from, and visible in, the browser)
    var auth = btoa('api:MYAPIKEYHERE');
    $.ajax({
        type : 'POST',
        cache : false,
        headers: {"Authorization": "Basic " + auth},
        url : mailgunURL,
        data : {"from": "emailhere", "to": "recipient" /* etc. */},
        success : function(data) {
            somefunctionhere();
        },
        error : function(data) {
            console.log('Silent failure.');
        }
    });
    return false;
}
Drazisil is correct above. The response needs to include Access-Control-Allow-Headers: Authorization as you are including that header in your request and Authorization is not a simple header.
Using node.js and the Request package from the browser (via browserify), I am using CORS to do a HTTP GET request on a separate domain.
On the server, when I set 'Access-Control-Allow-Origin' to the wildcard '*', I get the following error on the client:
XMLHttpRequest cannot load .... A wildcard '*' cannot be used in the
'Access-Control-Allow-Origin' header when the credentials flag is
true. Origin '...' is therefore not allowed access.
The HTTP request header looks like this:
Accept:*/*
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8,ja;q=0.6
Access-Control-Request-Headers:withcredentials
Access-Control-Request-Method:GET
Cache-Control:no-cache
Connection:keep-alive
Host:localhost:3000
Origin:http://localhost:9966
Pragma:no-cache
Referer:http://localhost:9966/
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
So clearly the problem is Access-Control-Request-Headers:withcredentials in the header, right?
To be able to remove this, I need to set the 'withcredentials' property of the 'XMLHttpRequest' object to 'false'. However, I cannot figure out where node.js or the Request package are creating the 'XMLHttpRequest' object, and how I can even access this.
Thanks.
After some investigation, I discovered that the withCredentials setting can be passed in via the options parameter object:
var req = http.request({
    withCredentials: false
}, function(res) {
    //...
});
req.end();
If undefined, the default setting is true.
Reference from the http-browserify/lib/request.js source:
if (typeof params.withCredentials === 'undefined') {
    params.withCredentials = true;
}
try { xhr.withCredentials = params.withCredentials }
catch (e) {}
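The three CORS failures reported in the questions above (Authorization missing from Mailgun's Access-Control-Allow-Headers, the CouchDB preflight answered with 405, and the wildcard origin combined with the credentials flag) can be reproduced with a simplified model of the browser's preflight checks. This is an added example, not code from any of the posts; the function names, the request/response object shape and the placeholder credential values are assumptions, and the model leaves out parts of the Fetch algorithm.

```javascript
// Added example: simplified model of the CORS checks a browser applies.
// Not the full Fetch algorithm; names are hypothetical, methods are upper case.
const SIMPLE_METHODS = ['GET', 'HEAD', 'POST'];
const SAFE_HEADERS = ['accept', 'accept-language', 'content-language', 'content-type'];
const SAFE_CONTENT_TYPES = ['application/x-www-form-urlencoded', 'multipart/form-data', 'text/plain'];
const parseList = (v) => (v || '').split(',').map((s) => s.trim().toLowerCase()).filter(Boolean);

// Request headers outside the CORS safelist; any one of them forces a preflight.
function unsafeHeaders(headers) {
  return Object.keys(headers).filter((name) => {
    const n = name.toLowerCase();
    if (!SAFE_HEADERS.includes(n)) return true;
    if (n !== 'content-type') return false;
    const mime = headers[name].split(';')[0].trim().toLowerCase();
    return !SAFE_CONTENT_TYPES.includes(mime);
  }).map((name) => name.toLowerCase());
}

function needsPreflight(req) {
  return !SIMPLE_METHODS.includes(req.method) || unsafeHeaders(req.headers).length > 0;
}

// Origin check applied to every CORS response. Returns null or a reason string.
function originError(req, resHeaders) {
  const allow = resHeaders['access-control-allow-origin'];
  if (allow === undefined) return 'no Access-Control-Allow-Origin header';
  if (allow === '*') return req.credentials ? 'wildcard origin with credentials' : null;
  if (allow !== req.origin) return 'origin mismatch';
  if (req.credentials && resHeaders['access-control-allow-credentials'] !== 'true') {
    return 'credentials not allowed';
  }
  return null;
}

// Checks on the OPTIONS response. Returns null when the real request may go out.
function preflightError(req, res) {
  const origin = originError(req, res.headers);
  if (origin) return origin;
  if (res.status < 200 || res.status > 299) return 'preflight status ' + res.status;
  const methods = parseList(res.headers['access-control-allow-methods']);
  const wildcardMethod = methods.includes('*') && !req.credentials;
  const methodOk = SIMPLE_METHODS.includes(req.method) || methods.includes(req.method.toLowerCase());
  if (!methodOk && !wildcardMethod) return 'method ' + req.method + ' not allowed';
  const allowed = parseList(res.headers['access-control-allow-headers']);
  for (const h of unsafeHeaders(req.headers)) {
    // '*' never covers Authorization and is ignored for credentialed requests.
    const wildcard = allowed.includes('*') && !req.credentials && h !== 'authorization';
    if (!allowed.includes(h) && !wildcard) return 'header ' + h + ' not allowed';
  }
  return null;
}

// Cases rebuilt from the header dumps on this page (credential values are placeholders).
const mailgun = {
  req: { method: 'POST', origin: 'null', credentials: false,
         headers: { Accept: '*/*', Authorization: 'Basic PLACEHOLDER' } },
  res: { status: 200, headers: {
    'access-control-allow-origin': '*',
    'access-control-allow-methods': 'GET, POST, PUT, DELETE, OPTIONS',
    'access-control-allow-headers': 'Content-Type, x-requested-with' } },
};
const couchdb = {
  req: { method: 'POST', origin: 'null', credentials: false,
         headers: { Authorization: 'Basic PLACEHOLDER', 'Content-Type': 'application/json',
                    'X-Requested-With': 'com.zappar.Zappar' } },
  res: { status: 405, headers: { 'access-control-allow-origin': 'null' } },
};
// The response status here is an assumption; the page shows only the request.
const wildcardWithCredentials = {
  req: { method: 'GET', origin: 'http://localhost:9966', credentials: true,
         headers: { withcredentials: 'true' } },
  res: { status: 200, headers: { 'access-control-allow-origin': '*' } },
};

function runPageCases() {
  return [mailgun, couchdb, wildcardWithCredentials].map((c) => preflightError(c.req, c.res));
}
console.log(runPageCases());
```

In the CouchDB case the origin and headers never get evaluated: the non-2xx status on the OPTIONS response alone fails the preflight, which is why the POST surfaces as status code 0 in the client.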
I am using JS to access the rdio plugin. I am using the following for Oauth http://code.google.com/chrome/extensions/tut_oauth.html.
I am able to get the signed token etc. However, whenever I try to send a signedRequest at http://api.rdio.com/1/, I receive a 401 unauthorized error.
X-Mashery-Error-Code:ERR_401_INVALID_SIGNATURE
X-Mashery-Responder:mashery-web4.LAX
This is what I am trying to send:
var url = 'http://api.rdio.com/1/';
var request = {
    'method': 'POST',
    'headers': {
        'Content-Type': 'application/x-www-form-urlencoded'
    },
    'parameters': {
        'alt': 'json',
        'method':'currentUser'
    },
    'body': 'Data to send'
};
bgPage.oauth.sendSignedRequest(url, mycallback, request);
I receive the following error in console.
Request URL:http://api.rdio.com/1/?alt=json&method=currentUser&oauth_consumer_key=yv8ehzehdv55**********&oauth_nonce=******&oauth_signature=**********&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1305190893&oauth_token=us6myp99p4qc86umea9p8fp*****************
Request Method:POST
Status Code:401 Unauthorized
Request Headers
Accept:*/*
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Connection:keep-alive
Content-Length:12
Content-Type:application/x-www-form-urlencoded
Cookie:__qca=P0-158278476-1296771701175; r=eyJfdSI6IDE5MjY1LCAiX2UiOiAzMTU1NjkyNn0.SvN8xd7rIuLzTp7hxqi4eJEdvu8; __utmz=225830489.1305153361.198.18.utmcsr=rdioquiz.ianloic.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=225830489.281668250.1296676147.1305184513.1305187119.201; __utmc=225830489
Host:api.rdio.com
Origin:chrome-extension://oiojbkkpmcgmpnjkhjmaggajckamjkap
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_6) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Query String Parameters
alt:json
method:currentUser
oauth_consumer_key:yv8ehzehdv55pbb74ss9dt23
oauth_nonce:BQF0x
oauth_signature:KttF************tRO 8PL yjPF2Ktk=
oauth_signature_method:HMAC-SHA1
oauth_timestamp:1305190893
oauth_token:us6myp99p4qc86umea9p8fphbgq4dxdd76txvyn***********
Form Data
Data to send:
Response Headers
Accept-Ranges:bytes
Content-Length:30
Content-Type:text/xml
Date:Thu, 12 May 2011 09:01:33 GMT
Server:Mashery Proxy
X-Mashery-Error-Code:ERR_401_INVALID_SIGNATURE
X-Mashery-Responder:mashery-web4.LAX
I am just trying to mimic what's mentioned here. It's an OAuth library (http://code.google.com/chrome/extensions/tut_oauth.html) from Google to make Chrome extension development easy.
They have OAuth sample code to get your document list etc. http://code.google.com/chrome/extensions/samples.html#4e35caa9742fb82dbd628892d23a781614f6eff6
I think I am not able to get past sending a POST request to the rdio API. It gives an un-authorized error.
We found a similar issue with the same service (rdio) and method ("currentUser").
What ended up working was:
(1) make sure you have method=currentUser in the POST body; I'm not sure from the above curl output if that is the case.
And, this is the bit that actually fixed the issue:
(2) we had to also add the method name to the signature itself.
FYI we used this library: https://oauth.googlecode.com/svn/code/javascript/
But the tricky part, as you are seeing, was figuring out how to seed the method in that library that creates the signature. Without the 'method=currentUser' being part of the signature, we experienced the same error condition.
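The fix described in this answer, as an added example that is not part of the original post or of the library it mentions: an OAuth 1.0 HMAC-SHA1 signature computed per RFC 5849 in Node.js, where form-encoded body parameters such as method=currentUser are part of the signature base string. The consumer key, secrets, nonce and token are constructed placeholders, and the helper names are hypothetical.

```javascript
// Added example: OAuth 1.0 HMAC-SHA1 signing per RFC 5849 (Node.js).
// Keys, secrets, nonce and token are constructed placeholders.
const nodeCrypto = require('crypto');

// RFC 3986 percent-encoding; encodeURIComponent leaves ! ' ( ) * unescaped.
function pctEncode(value) {
  return encodeURIComponent(value).replace(/[!'()*]/g,
    (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase());
}

// Signature base string: METHOD & encoded URL & encoded, sorted parameter list.
// Form-encoded body parameters belong in that list next to the oauth_* values.
// Parameter names are assumed unique here, so sorting by name is sufficient.
function signatureBaseString(httpMethod, baseUrl, oauthParams, bodyParams) {
  const pairs = Object.entries({ ...oauthParams, ...bodyParams })
    .filter(([name]) => name !== 'oauth_signature')
    .map(([name, value]) => [pctEncode(name), pctEncode(value)])
    .sort((a, b) => (a[0] < b[0] ? -1 : 1));
  const normalized = pairs.map(([name, value]) => name + '=' + value).join('&');
  return [httpMethod.toUpperCase(), pctEncode(baseUrl), pctEncode(normalized)].join('&');
}

// HMAC-SHA1 keyed with "consumer secret & token secret", base64-encoded.
function sign(baseString, consumerSecret, tokenSecret) {
  const key = pctEncode(consumerSecret) + '&' + pctEncode(tokenSecret);
  return nodeCrypto.createHmac('sha1', key).update(baseString).digest('base64');
}

const oauthParams = {
  oauth_consumer_key: 'CONSUMER_KEY',
  oauth_nonce: 'NONCE',
  oauth_signature_method: 'HMAC-SHA1',
  oauth_timestamp: '1305190893',
  oauth_token: 'TOKEN',
};
const body = { alt: 'json', method: 'currentUser' };

// What the client should sign, next to what it signs when the body is left out.
function compareSignatures() {
  const url = 'http://api.rdio.com/1/';
  const withBody = signatureBaseString('POST', url, oauthParams, body);
  const withoutBody = signatureBaseString('POST', url, oauthParams, {});
  return {
    withBody,
    signed: sign(withBody, 'CONSUMER_SECRET', 'TOKEN_SECRET'),
    signedWithoutBody: sign(withoutBody, 'CONSUMER_SECRET', 'TOKEN_SECRET'),
  };
}
console.log(compareSignatures());
```

The server rebuilds the base string from the request it received, so a client that sends method=currentUser but signs without it produces a signature the server cannot reproduce.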
Check your timezone, date, and time on your computer. If any one of these is wrong, OAuth will fail.