I have a Javascript function that posts to a PHP page to assign session vars.
Here is the code for the update function:
function updateSession() {
$.ajax({
type: "POST",
url: "update-session.php",
data: $('#welcome').serialize() + '&ajax=true'
});
}
When I run this function, I get an error on line '8630' for jQuery which is a line containing the following:
try {
// Do send the request (this may raise an exception)
xhr.send( options.hasContent && options.data || null );
} catch ( e ) {
// #14683: Only rethrow if this hasn't been notified as an error yet
if ( callback ) {
throw e;
}
}
The POST is not going across a different domain and I have already tried using the full URL in the AJAX POST.
My request headers are below:
Accept
*/*
Accept-Encoding
gzip, deflate
Accept-Language
en-US,en;q=0.5
Content-Length
124
Content-Type
application/x-www-form-urlencoded; charset=UTF-8
User-Agent
Mozilla/5.0 (Windows NT 6.3; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0
X-Requested-With
XMLHttpRequest
I've also tried using different versions of jQuery.
Any help would be appreciated!
Related
I'm tryng to perfom a simple ajax post request to retrieve some data from a website.
In detail i'm trying to contact a page that a website recall to have some informations.
So i have the main website and a page that it calls to retrive data.
I discovered that page using the google inspection section, in particular in the xhr section of network field of the inspector.
In my code i used all the headers and the payload data that are used by the website to contact the page.
This is the code that i'm using to reach my goal:
var XMLHttpRequest = require("xmlhttprequest").XMLHttpRequest;
var url = 'https://www.remax.pt/Webservices/MainWebService.asmx/GetCityList';
var body = {"SiteRegionID":"12","RegionID":"12","RegionRowID":"78","ProvinceID":"0",
"LanguageCode":"ITA","MinInternetCount":"0","SearchType":"","OfficeAgent":"0",
"EncodingLanguage":"PTG","OfficeAgentId":"0"};
var xhr = new XMLHttpRequest();
xhr.onload = function () {
var data = xhr.responseText;
if (xhr.readyState == 4 && xhr.status == "200") {
console.table("results: "+data);
} else {
console.error("error: "+data);
}
}
xhr.open("POST", url, true);
xhr.setRequestHeader('Content-Type', 'application/json; charset=UTF-8');
//xhr.setRequestHeader("Content-Type","text/html");
xhr.setRequestHeader("Access-Control-Allow-Origin","*");
xhr.setRequestHeader("accept", "application/json, text/javascript, */*; q=0.01");
xhr.setRequestHeader("authority", "www.remax.pt");
xhr.setRequestHeader("scheme", "https");
xhr.setRequestHeader("path", "/Webservices/MainWebService.asmx/GetCityList");
xhr.setRequestHeader("accept-language","it-IT,it;q=0.9,en-US;q=0.8,en;q=0.7");
//xhr.setRequestHeader('accept-encoding', 'gzip, deflate, br');
//xhr.setRequestHeader("host", "https://www.remax.pt");
//xhr.setRequestHeader('referer', 'https://www.remax.pt/PublicListingList.aspx');
//xhr.setRequestHeader('content-length', '192');
//xhr.setRequestHeader('cookie','__cfduid=dc7dd48ccff40ee4f85840bfc35685b311531384150; PersonalizationMap=; PersonalizationGallery=SelectedCountryID=12; GtTransLang=ITA; SLINGSHOT=LanguageCode=it-IT; SessionId=1ac0ec84-6a03-4965-ba90-7eb686f66bf5; ASP.NET_SessionId=rgia1pblms2abf11ypsbiqgz; GtTrans=ENU; LastSearch=SiteRegionID=12&TransactionTypeUID=260&RegionID=12&RegionRowID=78&LocationText=Porto&LocationValue=YR78&PriceCurrency=EUR&ComRes=2; PersonalizationRegion=#mode=list&tt=260&cr=2&r=78&cur=EUR&la=All&sb=PriceIncreasing&page=1&sc=12&sid=a81a1d1d-ee36-4236-a72e-31343349c574; PersonalizationDate=2018-7-24 10:0:30');
xhr.setRequestHeader("user-agent", "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36");
xhr.setRequestHeader("x-requested-with", "XMLHttpRequest");
xhr.send(JSON.stringify(body);
Actually i never receive an answer. I think that the flow of operations never enter in the onLoad section because the string that there are in if and else sections are never printed.
I wanna specify that some headers are commented because i had an answer of this type:
Refused to set unsafe header 'nameHeader'
So i decided to do not use them for the moment.
I tried to change some headers or add something new but the problem remains and honestly i don't have idea if it is a problem of syntax of some fields or if i need other things to perform an acceptable request.
for completeness i insert the 4 fields that i found in the inspector tool that specify the parameters passed by the website to call the page:
GENERAL:
1. Request URL:
https://www.remax.pt/Webservices/MainWebService.asmx/GetCityList
2. Request Method: POST
3. Status Code: 200
4. Remote Address: 104.25.40.105:443
5. Referrer Policy: no-referrer-when-downgrade
RESPONSE HEADERS:
List item
cache-control: private, max-age=0
cf-ray: 43f532b9e9886260-LIS
content-encoding: br
content-type: application/json; charset=utf-8
date: Tue, 24 Jul 2018 09:00:44 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
status: 200
x-aspnet-version: 4.0.30319
x-ua-compatible: IE=9, IE=8
REQUEST HEADERS:
authority: www.remax.pt
method: POST
path: /Webservices/MainWebService.asmx/GetCityList
scheme: https
accept: application/json, text/javascript, /; q=0.01
accept-encoding: gzip, deflate, br
accept-language: it-IT,it;q=0.9,en-US;q=0.8,en;q=0.7
content-length: 192
content-type: application/json; charset=UTF-8
cookie: __cfduid=dc7dd48ccff40ee4f85840bfc35685b311531384150; PersonalizationMap=; PersonalizationGallery=SelectedCountryID=12; GtTransLang=ITA; SLINGSHOT=LanguageCode=it-IT; SessionId=1ac0ec84-6a03-4965-ba90-7eb686f66bf5; ASP.NET_SessionId=rgia1pblms2abf11ypsbiqgz; GtTrans=ENU; LastSearch=SiteRegionID=12&TransactionTypeUID=260&RegionID=12&RegionRowID=78&LocationText=Porto&LocationValue=YR78&PriceCurrency=EUR&ComRes=2; PersonalizationRegion=#mode=list&tt=260&cr=2&r=78&cur=EUR&la=All&sb=PriceIncreasing&page=1&sc=12&sid=a81a1d1d-ee36-4236-a72e-31343349c574; PersonalizationDate=2018-7-24 10:0:30
origin: https://www.remax.pt
referer: https://www.remax.pt/PublicListingList.aspx
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36
x-requested-with: XMLHttpRequest
REQUEST PAYLOAD:
{"SiteRegionID":"12","RegionID":"12","RegionRowID":"78","ProvinceID":"0","LanguageCode":"ITA","MinInternetCount":"0","SearchType":"","OfficeAgent":0,"EncodingLanguage":"PTG","OfficeAgentId":0}
I'm using zapworks studio to develop an AR experience. It uses Z.ajax to make the ajax calls. I make a GET request and a POST request. I'm also using smileupps to host couchdb(they have free hosting). Here's the CORS configuration:
credentials: false; headers:Accept, Authorization, Content-Type, Origin;
methods: GET,POST,PUT,DELETE,OPTIONS,HEAD; origins: *
Everything works fine when launching ZapWorks Studio on windows. When scanning the zapcode with an android device, however, the post ajax call fails. Only the post. I am using basic authentication. I enforce that only the admin can manage the database on couchdb. I can access the host from both the desktop and the phone from a web browser to do everything manually.
I tried everything I could of to solve the problem: remove authentication, change the CORS configuration...nothing works. I thought it was an issue with CORS but everything works fine on windows and on the mobile just the POST fails...I keep getting a status code of 0.
EDIT - New info, testing on apitester also works on the desktop and mobile.
EDIT - Here's the zpp to show the logic
EDIT - Tried with REST Api Client on my phone and it worked as well. This can only be a CORS issue or something with zapworks. Weird that it works on windows but not on the phone.
EDIT - I found out what the problem is, but not how to fix it. So I set a proxy to debug the requests made from zapworks studio following this tutorial. It seems that it does a preflight request but gets the response
"HTTP/1.1 405 Method Not Allowed"
even though the payload is
{"error":"method_not_allowed","reason":"Only DELETE,GET,HEAD,POST
allowed"}.
Here's the request:
OPTIONS /ranking HTTP/1.1
Host: somehost.com
Connection: keep-alive
Access-Control-Request-Method: POST
Origin: null
User-Agent: Mozilla/5.0 (Linux; Android 8.0.0; SM-G950U1 Build/R16NW; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/67.0.3396.87 Mobile Safari/537.36
Access-Control-Request-Headers: authorization,content-type,x-requested-with
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US
X-Requested-With: com.zappar.Zappar
and the response:
HTTP/1.1 405 Method Not Allowed
Server: CouchDB/1.6.0 (Erlang OTP/R15B01)
Date: Mon, 18 Jun 2018 21:22:12 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 76
Cache-Control: must-revalidate
Allow: DELETE,GET,HEAD,POST
Access-Control-Expose-Headers: Cache-Control, Content-Type, Server
Access-Control-Allow-Origin: null
Connection: keep-alive
{"error":"method_not_allowed","reason":"Only DELETE,GET,HEAD,POST allowed"}
which clearly shows that POST is allowed...
On the windows side, there doesn't seem to be a preflight request for some reason and my guess is that's why it works. Now the question is how do I configure CORS on couchdb to work on android. These are the configurations available:
enable_cors: true
credentials: false
headers:Accept, Authorization, Content-Type, Origin
methods:GET,POST,PUT,DELETE,OPTIONS,HEAD
origins:*
This is the code:
const Open_SansRegular_ttf0 = symbol.nodes.Open_SansRegular_ttf0;
parent.on("ready", () => {
const Plane0 = symbol.nodes.Plane0;
let ajaxParameters : Z.Ajax.Parameters = {
url: "https://something.smileupps.com/test/_all_docs?include_docs=true",
headers: {"Authorization": "Basic my64encoding"},
method: "GET",
timeout: 3000
};
// Perform the AJAX request
Z.ajax(ajaxParameters, (statusCode, data, request) => {checkRequest(statusCode, data);});
ajaxParameters = {
url: "https://something.smileupps.com/test",
headers: {"Content-Type":"application/json", "Authorization": "Basic my64encoding"},
method: "POST",
body: '{"name" : "asdasd", "something": 234}',
timeout: 3000
};
Z.ajax(ajaxParameters, (statusCode, data, request) => {checkRequest(statusCode, data);});
});
function checkRequest(statusCode, data) {
if (statusCode === 0) {
Open_SansRegular_ttf0.text("Unable to connect - check network connection.");
console.log("Unable to connect - check network connection.");
return;
}
if (statusCode < 200 || statusCode >= 300) {
Open_SansRegular_ttf0.text("HTTP request failed: " + statusCode);
console.log("HTTP request failed: " + statusCode);
return;
}
// Attempt to parse the data returned from the AJAX request as JSON
let parsedData;
try {
// https://developer.mozilla.org/en/docs/Web/JavaScript/Reference/Global_Objects/JSON/parse
parsedData = JSON.parse(data);
} catch (e) {
Open_SansRegular_ttf0.text("Unable to parse JSON: " + e);
console.log("Unable to parse JSON: " + e);
return;
}
return parsedData;
}
EDIT
Here's the request on windows
Accept:*/*
Accept-Encoding:gzip, deflate
Accept-Language:en-US
Authorization:Basic mybase64encoding
Connection:keep-alive
Content-Length:37
Content-Type:application/json
Host:http://something.smileupps.com/test
Origin:file://
User-Agent:Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) ZapWorksStudio/4.0.4-stable Chrome/58.0.3029.110 Electron/1.7.9 Safari/537.36
X-DevTools-Request-Id:3680.9
X-Requested-With:XMLHttpRequest
and the response:
Access-Control-Allow-Origin:file://
Access-Control-Expose-Headers:Cache-Control, Content-Type, ETag, Server
Cache-Control:must-revalidate
Content-Length:95
Content-Type:text/plain; charset=utf-8
Date:Mon, 18 Jun 2018 21:36:22 GMT
ETag:"1-512f89feb3d0a88781119e772ec6fd7b"
Location:http://something.smileupps.com/test
Server:CouchDB/1.6.0 (Erlang OTP/R15B01)
No preflight.
Your problem is in the request: Origin: null is usually what you get when the Web page containing the xhr request is opened with the file: rather than the http or https protocol. You won't get any successful CORS request with such an origin.
I am using Visual Studio 2013 ASP.NET Identity template.
After user successfully logs in, the user is taken to a page with table.
Page has search options and search function is javascript driven
The javascript sends user selected parameters in form of an ajax request
I am having problems because AJAX request is well constructed from client side and sent to correct URL but it immediately gets redirected and parameters are lost.
I am not sure if this is happening because the request should be authenticated/authorized. I tried the following
$.ajax({
type: 'POST',
url: '<%=Config.VirtualDir %>listings.aspx' + '?filterattribute=y&call=ajax',
data: { 'zipcode': ZipCode, 'bedrooms': BedRooms, 'bathrooms': Bathroom, 'SquareFeetMin': SquareFeetMin, 'SquareFeetMax': SquareFeetMax, 'PriceMin': MinPrice, 'PriceMax': MaxPrice, 'Radius': Radius, 'Years': Years, 'IntRate': IntRate, 'DownPayment': DownPayment, 'sort': ddlsort, 'crfrom': capfrom, 'crto': capto, 'cffrom': cflowfrom, 'cfto': cflowto, 'roifrom': roifrom, 'roito': roito, 'vefrom': vefrom, 'veto': veto, 'chksupp': supp, 'undadd': undadd },
beforeSend: function(xhr){
xhr.withCredentials = true;
},
success: function (response) {
$('#DivRender').html(response);
DisplayPaging();
UpdateDropDowns();
$.hideprogress();
}
});
I checked how the request is handled in Fiddler and Here is what happens
Request1
POST /listings.aspx?filterattribute=y&call=ajax HTTP/1.1
Host: localhost:1794
Connection: keep-alive
Content-Length: 277
Accept: */*
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.8,sv;q=0.6
Cookie: 83VLqQgggt8=CfDJ8EqbzpbyFkFAtEyP1X9rGYWcW8ryXAnh-VbYXDpLXBhNXU5Brq_PAiggJHvIwAXK2yZZPz5_NBCSTjV9FYC1O6PEvmGVe9r8feB74Rjc0hANEjsG_Pf6k6iwYdnRRxxHDD5qSRAAYJHGa3LpH4MOlww; .AspNet.Microsoft.AspNet.Identity.Application=CfDJ8EqbzpbyFkFAtEyP1X9rGYUDNW-ipW7_DjFWLk0XMejiHWRdCnQmZMipzvTZJcnYL3ncfpETFYsVA3s2UHEnvkUJEbxPIBfuNNoRLQrhaoJaegw78lGv1XWRXgJ9g5GikhXprPsC9Nt8n7Wt6UVT24Wao-CHiVHVZVOX3weXu8Eu48W8gEhnXzvG1Vx57tGWPiSbu9mJiIOXoJyO-ybxNuontF7g6hfCAi0f9ohonq2Mal9xWhVtHWUQnIYTdlrbnueX6guTMyCPmS8augNyZSAmGqRfCr9KfoTYy4bAjIaOpxKANS6qeTQdCP07oB_axsNJ1QS1RsxWIj5EHFeENARKK2GEcnKL_mZyRzsvzTWJooyc6b0EfsEOOG48qJiohxQUu8CL_Ag0WdLIvyOyg_6-mFjHEHLatYqRXs_UQgsM0bYABG98p-UlgADehXJ8MyjRDpvT_0K20VnLJPFKUY0bbmBDsg5U34cMBsTfz4qndFr4jsjQDuXlRPCXroyFkHqsefajLHHtW4A5iwniKjNExd_MS9yQZfsXg3DDAPqzg2ZCaFTvrPwMbwyMG6Z5INW0RdShtbtRc_GYWruu0WOQpzcjcfhOZv6x5SLgFGlEYxImME6He1rfZmcAjxb28mmOZWmTRjtE5eqEmAQkGGI; QeabOx42yKQ=CfDJ8EqbzpbyFkFAtEyP1X9rGYUuSJv5TYKtxst2zuRG2lWOmZp_VfHjxfZaE_bUCEWq2rteZo2wx91WWM0BLDhC-RS_LeSjhlbsCNd_Xa-eaQtKHCg6kt0fov8WuunyJBTisOKqkyoEk9a0eBKp8yDptK0; ai_user=18AE4C91-FECF-494B-B67A-486D1A2F5164|2015-08-25T03:19:36.296Z; __AntiXsrfToken=b7689c9fd71643389b3ab3c2e5543f3c; .AspNet.ApplicationCookie=dMOEe4RBWpIuwm_zyjhPKFhEsS2cMLLybv6DeO0-aDn4oo_jTyQq6WzPSmF-GZZa7SDjfs9HSnlWcQyQgP0G9LE_DK9ZPbzeb2tcsu3GNnPkP1LGJz8wmL8JLRh_T4s-o-ZNCnFtbESkQYrQlIX3vBc2FZ0-Kh4dz6T0pGldEQHWXkkTQlUxIlnP5Z224VRL_E9UpbjWBbBxuLXGyAq6IXBiBsK-6q5jhw58FsYp4VnIGp3qM4mdG7lWYP_NcYDt4Z0fMW34p0VaWPImef2CsrLMiBODWDhm-0ogS9fkGpa0_lQHE-H3nvcSUN6cpmqSDA7lZ7EzZjQRsv-09SttMouf9mf3qwaRbjcoxxOez_pzcAypDgkFjnPbdtyDK-9MXyIRajT8pay9mRc-YlpjoZgwW3Ww3de1a4qeRJB7zLNr2Ec8gGVZEFRakUIfIj-RSn4a9vmhETk5UTE8X-Yc99AMDnauKhmg5y09GwhGdO1Iv62kauaD_Kpxq14ATfCu; .ASPXAUTH=1647B3E8FA3AB2D87B584B214BF8BFEB3390BBBE6BBB9F35B6C01A8E2DDB4D3A31A2F1906E93298C87D5FE9A6E1D869D055A1CC2BE6B1A25316B1BEA229E144D2D1FAB1B038013DD96DE9BA072C6511A10526A34DC959868C808FCD458ADDF40DAB7856C3639D74AC00AFD21166D6ED5DF82726E
zipcode=92801%2C92802%2C92804%2C92805%2C92806%2C92807
Response 1: HTTP/1.1 301 Moved Permanently
**Second Immediate Request**
GET /listings?filterattribute=y&call=ajax HTTP/1.1
Host: localhost:1794
Connection: keep-alive
Accept: */*
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8,sv;q=0.6
Cookie: 83VLqQgggt8=CfDJ8EqbzpbyFkFAtEyP1X9rGYWcW8ryXAnh-VbYXDpLXBhNXU5Brq_PAiggJHvIwAXK2yZZPz5_NBCSTjV9FYC1O6PEvmGVe9r8feB74Rjc0hANEjsG_Pf6k6iwYdnRRxxHDD5qSRAAYJHGa3LpH4MOlww; .AspNet.Microsoft.AspNet.Identity.Application=CfDJ8EqbzpbyFkFAtEyP1X9rGYUDNW-ipW7_DjFWLk0XMejiHWRdCnQmZMipzvTZJcnYL3ncfpETFYsVA3s2UHEnvkUJEbxPIBfuNNoRLQrhaoJaegw78lGv1XWRXgJ9g5GikhXprPsC9Nt8n7Wt6UVT24Wao-CHiVHVZVOX3weXu8Eu48W8gEhnXzvG1Vx57tGWPiSbu9mJiIOXoJyO-ybxNuontF7g6hfCAi0f9ohonq2Mal9xWhVtHWUQnIYTdlrbnueX6guTMyCPmS8augNyZSAmGqRfCr9KfoTYy4bAjIaOpxKANS6qeTQdCP07oB_axsNJ1QS1RsxWIj5EHFeENARKK2GEcnKL_mZyRzsvzTWJooyc6b0EfsEOOG48qJiohxQUu8CL_Ag0WdLIvyOyg_6-mFjHEHLatYqRXs_UQgsM0bYABG98p-UlgADehXJ8MyjRDpvT_0K20VnLJPFKUY0bbmBDsg5U34cMBsTfz4qndFr4jsjQDuXlRPCXroyFkHqsefajLHHtW4A5iwniKjNExd_MS9yQZfsXg3DDAPqzg2ZCaFTvrPwMbwyMG6Z5INW0RdShtbtRc_GYWruu0WOQpzcjcfhOZv6x5SLgFGlEYxImME6He1rfZmcAjxb28mmOZWmTRjtE5eqEmAQkGGI; QeabOx42yKQ=CfDJ8EqbzpbyFkFAtEyP1X9rGYUuSJv5TYKtxst2zuRG2lWOmZp_VfHjxfZaE_bUCEWq2rteZo2wx91WWM0BLDhC-RS_LeSjhlbsCNd_Xa-eaQtKHCg6kt0fov8WuunyJBTisOKqkyoEk9a0eBKp8yDptK0; ai_user=18AE4C91-FECF-494B-B67A-486D1A2F5164|2015-08-25T03:19:36.296Z; __AntiXsrfToken=b7689c9fd71643389b3ab3c2e5543f3c; .AspNet.ApplicationCookie=dMOEe4RBWpIuwm_zyjhPKFhEsS2cMLLybv6DeO0-aDn4oo_jTyQq6WzPSmF-GZZa7SDjfs9HSnlWcQyQgP0G9LE_DK9ZPbzeb2tcsu3GNnPkP1LGJz8wmL8JLRh_T4s-o-ZNCnFtbESkQYrQlIX3vBc2FZ0-Kh4dz6T0pGldEQHWXkkTQlUxIlnP5Z224VRL_E9UpbjWBbBxuLXGyAq6IXBiBsK-6q5jhw58FsYp4VnIGp3qM4mdG7lWYP_NcYDt4Z0fMW34p0VaWPImef2CsrLMiBODWDhm-0ogS9fkGpa0_lQHE-H3nvcSUN6cpmqSDA7lZ7EzZjQRsv-09SttMouf9mf3qwaRbjcoxxOez_pzcAypDgkFjnPbdtyDK-9MXyIRajT8pay9mRc-YlpjoZgwW3Ww3de1a4qeRJB7zLNr2Ec8gGVZEFRakUIfIj-RSn4a9vmhETk5UTE8X-Yc99AMDnauKhmg5y09GwhGdO1Iv62kauaD_Kpxq14ATfCu; .ASPXAUTH=1647B3E8FA3AB2D87B584B214BF8BFEB3390BBBE6BBB9F35B6C01A8E2DDB4D3A31A2F1906E93298C87D5FE9A6E1D869D055A1CC2BE6B1A25316B1BEA229E144D2D1FAB1B038013DD96DE9BA072C6511A10526A34DC959868C808FCD458ADDF40DAB7856C3639D74AC00AFD21166D6ED5DF82726E
How do i make sure that the ajax post request sends session cookies along with the request so that redirect doesnt happen.
If you want to make sure you're not being affected by authentication redirects:
Check out your OWIN Startup class, you should have a line like this (taken from default MVC, will be similar for Web API):
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
});
The LoginPath property here will redirect all unauthenticated requests (if the request requires authorization) to the specified path.
Try your AJAX request again without that LoginPath, you will probably get a 401 Unauthorized.
If you want to keep the LoginPath redirect but don't want it to affect your AJAX calls, check out this post from Brock Allen about handling 401s differently depending on the requesting application.
In your case it is better to use [WebMethod] instead of sending a request to the page. In WebMethod also you can access Session.
I have an ASP.NET/MVC site calling into WebApi webservices, using JQuery's $.ajax(). Most of these have been working fine, but I have one for which none of the callback functions - done(), fail(), always() - are being called.
The service is being called, and according to Fiddler, a response is being returned. But JQuery isn't calling any of the callback functions.
Other are working fine. Or seem to be.
The calling code is the same, in every case:
core.callService = function (serviceUrl, httpType, token, data, failMessage, callback)
{
try
{
var parameters = {
type: httpType,
dataType: "json",
timeout: ajaxRequestTimeoutMS,
headers: { "authenticationToken": "" + token }
};
if (httpType === "POST" || httpType === "PUT" || httpType === "DELETE")
{
parameters.contentType = "application/json; charset=utf-8";
parameters.data = JSON.stringify(data);
}
else
{
parameters.data = data;
}
debugger;
$.ajax(serviceUrl, parameters).done(
function (result, textStatus, jqXHR)
{
debugger;
// ...
}).fail(function (jqXHR, textStatus, errorThrown)
{
debugger;
// ...
}).always(function ()
{
debugger;
//whether success or failure
});
}
catch (e)
{
debugger;
callback({
success: false,
message: e.message,
data: null
});
}
finally
{
debugger;
}
};
Running Fiddler, I can see the request:
GET http://localhost:52057/api/MyController/myAction?myParameters HTTP/1.1
authenticationToken: eb76272e-b26e-4773-9d22-2218bea8beb1
Accept: application/json, text/javascript, */*; q=0.01
Referer: http://localhost:61986/Feedback?items%5B0%5D.updatetype=
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: localhost:52057
DNT: 1
Connection: Keep-Alive
Cookie: ...
And the response:
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/8.0
X-AspNet-Version: 4.0.30319
X-SourceFiles: =?UTF-8?B?RTpcZGV2XFplYnVcWmVidV93ZWJcdHJ1bmtcWmVidV93c1xhcGlcRW1haWxUb29sXHNlbmRFbWFpbA==?=
X-Powered-By: ASP.NET
Date: Mon, 30 Mar 2015 16:43:32 GMT
Content-Length: 21
{"message":"Success"}
So the response is getting back to the client, but JQuery is not calling the done() function, or the fail() function, or the always() function. And I can't see why. I've looked at the responses from other webservices, that are working, and I can't see anything different about them.
Any ideas?
=============Followup=============
More information, and more confusion.
If I call the webservice during the page init function, the callback is executed. If I call it from within the click event of a button, it does not.
Looking at the requests and responses, the only difference I see is in the referer field of the request. When I'm calling from the event function, I'm seeing "?items[0].updatetype=" appended to the URL. And I can't see find who's doing that.
OK, this one is just stupid. After hours of digging through the JavaScript and monitoring the network traffic trying to figure out why the callback functions weren't executing...
The click event that called my webservice was being generated by a submit button.
Argh!
My Django view:
class Main(View):
def post(self, request, *args, **kwargs):
obj = json.loads(request.raw_post_data)
//do something with obj
temp = Entry.objects.all();
result = []
for t in temp:
result.append( (t.key,t.value) );
return HttpResponse(json.dumps(result), content_type="application/json")
My javascript:
$.post("http://XXX/", JSON.stringify({}), function(data) {
alert("OK");
}, "json");
What firebug has to say:
POST http://193.0.96.129:8006/ 200 OK
Post Headers
Response headers
Content-Type application/json
Date Thu, 16 May 2013 00:00:28 GMT
Server WSGIServer/0.1 Python/2.7.3
Request headers
Accept application/json, text/javascript, */*; q=0.01
Accept-Encoding gzip, deflate
Accept-Language pl,en-us;q=0.7,en;q=0.3
Content-Length 2
Content-Type application/x-www-form-urlencoded; charset=UTF-8
Host XXX
Origin null
User-Agent Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/20.0
The data gets through to Django, but the success callback doesn't get called. Django server returns code 200, but in Firebug notification about the POST is red.
I tried multiple variations of the $.post call, none worked. If I use $.ajax call and specify error callback
error: function(xhr, textStatus, errorThrown) {
alert("some error" + xhr.responseText+ " X " + textStatus + " X " + errorThrown);
},
all I get to know is that "error" happend (xhr.responseText == textStatus == "error").
It seems like I was trying to do a "Cross-Domain" call. I was testing running the .html file locally, trying to call my remote Django server. Changing path of POST destination to relative, and running the script through Django view fixed the problem.
Thank you Daniel, the Content-Length thing was my carelessness, I posted different view version then one that we see responding in Firebug (it was returning "{}" I think - I was trying to debug).