Sending OAuth access token in jQuery Ajax request - javascript

Following the documentation, I put together this simple request. Every time I run this request I still get a 401 Authorization Required. I know the access token is fine because I use the same token with GET to populate my models and it works fine; it's only when I use POST and place my token in the request headers.
Anyone else had this issue before?
jQuery.ajax( {
    url: 'http://customer-server-2.dev/api/documents/add/.json',
    type: 'POST',
    data : {
        guid : $('.guid-input').val(),
        title : $('.title-input').val(),
        payload : $('.payload-input').val()
    },
    beforeSend : function( xhr ) {
        xhr.setRequestHeader( 'Authorization', 'BEARER ' + app.AccessToken );
    },
    success: function( response ) {
        console.log(response);
    },
    error : function(error) {
        console.log(error);
    }
} );
response header
HTTP/1.1 401 Authorization Required
Date: Wed, 08 Apr 2015 12:20:28 GMT
Server: Apache/2.2.26 (Unix) mod_fastcgi/2.4.6 mod_wsgi/3.4 Python/2.7.6 PHP/5.5.10 mod_ssl/2.2.26 OpenSSL/0.9.8za DAV/2 mod_perl/2.0.8 Perl/v5.18.2
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS, PATCH, DELETE
Access-Control-Allow-Headers: X-Accept-Charset,X-Accept,Content-Type, x-xsrf-token, Authorization
X-Powered-By: PHP/5.5.10
WWW-Authenticate: Bearer realm="Service", error="invalid_request", error_description="The access token was not found."
Content-Length: 81
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html
request header
OPTIONS /api/documents/add/.json HTTP/1.1
Host: customer-server-2.dev
Connection: keep-alive
Access-Control-Request-Method: POST
Origin: http://test-client-app.dev
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2354.0 Safari/537.36
Access-Control-Request-Headers: accept, authorization
Accept: */*
Referer: http://test-client-app.dev/index.html
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8

Related

Fetch Request header not sending cookies in chrome (v90.0.44), working in Firefox(v88.0) (JS)

Really struggling on getting a Fetch API call to send cookies along in the request headers in Chrome (also they are not being set from 'Set-Cookie' response headers from returned API responses in Chrome). Both however, work on Firefox.
Feel like I've tried a million solutions here, can someone explain what I'm guessing is the SameSite issues for Chrome?
Our base api URL is https://stage-api-v2.cbb.play
Aliased hosts file for localhost:
127.0.0.1 localhost
127.0.0.1 local.cbb.play
Cookie that is set that we are trying to forward along
import * as cookie from 'cookie';
import { NextApiRequest, NextApiResponse } from 'next';

export default (req: NextApiRequest, res: NextApiResponse) => {
    res.setHeader(
        'Set-Cookie',
        cookie.serialize('refresh_token', req.body.token, {
            httpOnly: true,
            maxAge: 60 * 60,
            secure: process.env.NODE_ENV === 'production',
            path: '/',
            sameSite: 'lax',
            domain: '.cbb.play',
        })
    );
    res.statusCode = 200;
    res.json({ success: true });
};
Front end code that calls the API:
async function renewSession(payload) {
    return await fetch(process.env.BASE_URL + '/api/user/renew-session', {
        method: 'POST',
        credentials: 'include',
        headers: { 'Content-type': 'application/json' },
        body: JSON.stringify(payload)
    })
}
Request header in Firefox:
POST /api/user/renew-session HTTP/2
Host: stage-api-v2.cbb.play
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:88.0) Gecko/20100101 Firefox/88.0
Accept: application/json
Accept-Language: en-CA,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate, br
Referer: http://local.cbb.play:3000/
Content-Type: application/json
Origin: http://local.cbb.play:3000
Connection: keep-alive
Cookie: refresh_token=a49d51basasdfg4a569cc43b8603ac916f72c0102ace7b463d9c2;
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
TE: Trailers
Request Header in Chrome (no cookie):
:authority: stage-api-v2.cbb.play
:method: POST
:path: /api/user/renew-session
:scheme: https
accept: application/json
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cache-control: no-cache
content-length: 0
content-type: application/json
origin: http://local.cbb.play:3000
pragma: no-cache
referer: http://local.cbb.play:3000
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Google Chrome";v="90"
sec-ch-ua-mobile: ?0
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36
Response Header: (Note, removed non-important properties)
access-control-allow-credentials: true
access-control-allow-headers: Set-Cookie, Credentials, Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization
access-control-allow-methods: GET, HEAD, OPTIONS, POST, PUT, DELETE
access-control-allow-origin:http://local.cbb.play:3000
access-control-expose-headers: Content-Length,Content-Range,Set-cookie
content-encoding: gzip
content-type: application/json
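Chrome labels the request above `sec-fetch-site: cross-site` although both hosts sit under cbb.play, which is what a same-site comparison yields when it includes the scheme (an http page calling an https API). The following added example, which is not from the post, models that comparison together with the SameSite sending rule; the function names are made up here, and the registrable domain is assumed to be the last two host labels, where real browsers consult the Public Suffix List.

```javascript
// Added example: models when a browser attaches a cookie to a credentialed request.
// Function names are illustrative. Assumption: registrable domain = last two host
// labels (true for cbb.play; browsers use the Public Suffix List instead).
function site(url, schemeful) {
  const u = new URL(url);
  const registrable = u.hostname.split('.').slice(-2).join('.');
  // A schemeful comparison treats http://cbb.play and https://cbb.play as different sites.
  return schemeful ? `${u.protocol}//${registrable}` : registrable;
}

function isSameSite(initiator, target, schemeful) {
  return site(initiator, schemeful) === site(target, schemeful);
}

const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS', 'TRACE']);

// cookie: { domain, secure, sameSite: 'strict' | 'lax' | 'none' }
// req:    { initiator, url, method, topLevelNavigation }
function cookieAttached(cookie, req, schemeful) {
  const target = new URL(req.url);
  const domain = cookie.domain.replace(/^\./, '');
  const domainMatch = target.hostname === domain || target.hostname.endsWith('.' + domain);
  if (!domainMatch) return false;
  if (cookie.secure && target.protocol !== 'https:') return false;

  // Same-site requests carry the cookie whatever its SameSite value.
  if (isSameSite(req.initiator, req.url, schemeful)) return true;

  switch (cookie.sameSite) {
    case 'none':
      // SameSite=None without Secure is rejected when set, so it is never sent.
      return cookie.secure;
    case 'lax':
      // Cross-site: only top-level navigations with a safe method qualify.
      return req.topLevelNavigation && SAFE_METHODS.has(req.method);
    default:
      return false; // 'strict'
  }
}

// Constructed inputs mirroring the question: cookie options from the Set-Cookie
// code (secure is false outside production) and the fetch() POST to the staging API.
const refreshCookie = { domain: '.cbb.play', secure: false, sameSite: 'lax' };
const renewRequest = {
  initiator: 'http://local.cbb.play:3000',
  url: 'https://stage-api-v2.cbb.play/api/user/renew-session',
  method: 'POST',
  topLevelNavigation: false,
};

console.log('schemeful comparison :', cookieAttached(refreshCookie, renewRequest, true));
console.log('scheme ignored       :', cookieAttached(refreshCookie, renewRequest, false));
console.log('page served over https:', cookieAttached(
  refreshCookie, { ...renewRequest, initiator: 'https://local.cbb.play:3000' }, true));
console.log('SameSite=None; Secure :', cookieAttached(
  { domain: '.cbb.play', secure: true, sameSite: 'none' }, renewRequest, true));
```

Serving the local front end over https keeps the Lax cookie usable without loosening it to SameSite=None.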

AJAX POST, why is data sent over URL?

I make an Ajax Post and get the following error:
414 Request-URI Too Large
Why is the data still sent over the URL and not only in the body?
In Chrome I see param1 data in the request URL, query string parameters and in the request payload; how do I remove it from the URL?
routes = JSON.stringify(routes);
$.ajax({
    type: "POST",
    url: "http://127.0.0.1:3000/s",
    data: {
        param1: routes
    },
    success: function(data) {
        $('div.home-products').html(data);
    }
});
This is the full routes object after stringify:
This is the Chrome network:
Request URL: http://127.0.0.1:3000/en/s?param1=%7B%220%22%3A%7B%22result_api%22%3A%7B%22geocoded_waypoints%22%3A%5B%7B%7D%2C%7B%7D%5D%2C%22routes%22%3A%5B%5D%2C%22status%22%3A%22ZERO_RESULTS%22%2C%22request%22%3A%7B%22origin%22%3A%7B%22location%22%3A%7B%22lat%22%3A-19.9245%2C%22lng%22%3A-43.93520000000001%7D%7D%2C%22destination%22%3A%7B%22location%22%3A%7B%22lat%22%3A40.7127753%2C%22lng%22%3A-74.0059728%7D%7D%2C%22travelMode%22%3A%22DRIVING%22%7D%7D%2C%22id%22%3A54%7D%2C%221%22%3A%7B%22result_api%22%3A%7B%22geocoded_waypoints%22%3A%5B%7B%7D%2C%7B%7D%5D%2C%22routes%22%3A%5B%5D%2C%22status%22%3A%22ZERO_RESULTS%22%2C%22request%22%3A%7B%22origin%22%3A%7B%22location%22%3A%7B%22lat%22%3A52.52%2C%22lng%22%3A13.404999999999973%7D%7D%2C%22destination%22%3A%7B%22location%22%3A%7B%22lat%22%3A40.7127753%2C%22lng%22%3A-74.0059728%7D%7D%2C%22travelMode%22%3A%22DRIVING%22%7D%7D%2C%22id%22%3A53%7D%2C%222%22%3A%7B%22result_api%22%3A%7B%22geocoded_waypoints%22%3A%5B%7B%7D%2C%7B%7D%5D%2C%22routes%22%3A%5B%5D%2C%22status%22%3A%22ZERO_RESULTS%22%2C%22request%22%3A%7B%22origin%22%3A%7B%22location%22%3A%7B%22lat%22%3A44.7866%2C%22lng%22%3A20.44889999999998%7D%7D%2C%22destination%22%3A%7B%22location%22%3A%7B%22lat%22%3A40.7127753%2C%22lng%22%3A-74.0059728%7D%7D%2C%22travelMode%22%3A%22DRIVING%22%7D%7D%2C%22id%22%3A52%7D%2C%223%22%3A%7B%22result_api%22%3A%7B%22geocoded_waypoints%22%3A%5B%7B%7D%2C%7B%7D%5D%2C%22routes%22%3A%5B%5D%2C%22status%22%3A%22ZERO_RESULTS%22%2C%22request%22%3A%7B%22origin%22%3A%7B%22location%22%3A%7B%22lat%22%3A37.9838%2C%22lng%22%3A23.727499999999964%7D%7D%2C%22destination%22%3A%7B%22location%22%3A%7B%22lat%22%3A40.7127753%2C%22lng%22%3A-74.0059728%7D%7D%2C%22travelMode%22%3A%22DRIVING%22%7D%7D%2C%22id%22%3A51%7D%2C%224%22%3A%7B%22result_api%22%3A%7B%22geocoded_waypoints%22%3A%5B%7B%7D%2C%7B%7D%5D%2C%22routes%22%3A%5B%5D%2C%22status%22%3A%22ZERO_RESULTS%22%2C%22request%22%3A%7B%22origin%22%3A%7B%22location%22%3A%7B%22lat%22%3A40.8518%2C%22lng%22%3A14.268100000000004%
7D%7D%2C%22destination%22%3A%7B%22location%22%3A%7B%22lat%22%3A40.7127753%2C%22lng%22%3A-74.0059728%7D%7D%2C%22travelMode%22%3A%22DRIVING%22%7D%7D%2C%22id%22%3A50%7D%2C%225%22%3A%7B%22result_api%22%3A%7B%22geocoded_waypoints%22%3A%5B%7B%7D%2C%7B%7D%5D%2C%22routes%22%3A%5B%5D%2C%22status%22%3A%22ZERO_RESULTS%22%2C%22request%22%3A%7B%22origin%22%3A%7B%22location%22%3A%7B%22lat%22%3A48.0527%2C%22lng%22%3A12.224500000000035%7D%7D%2C%22destination%22%3A%7B%22location%22%3A%7B%22lat%22%3A40.7127753%2C%22lng%22%3A-74.0059728%7D%7D%2C%22travelMode%22%3A%22DRIVING%22%7D%7D%2C%22id%22%3A49%7D%2C%226%22%3A%7B%22result_api%22%3A%7B%22geocoded_waypoints%22%3A%5B%7B%7D%2C%7B%7D%5D%2C%22routes%22%3A%5B%5D%2C%22status%22%3A%22ZERO_RESULTS%22%2C%22request%22%3A%7B%22origin%22%3A%7B%22location%22%3A%7B%22lat%22%3A48.8566%2C%22lng%22%3A2.3522199999999884%7D%7D%2C%22destination%22%3A%7B%22location%22%3A%7B%22lat%22%3A40.7127753%2C%22lng%22%3A-74.0059728%7D%7D%2C%22travelMode%22%3A%22DRIVING%22%7D%7D%2C%22id%22%3A48%7D%2C%227%22%3A%7B%22result_api%22%3A%7B%22geocoded_waypoints%22%3A%5B%7B%7D%2C%7B%7D%5D%2C%22routes%22%3A%5B%5D%2C%22status%22%3A%22ZERO_RESULTS%22%2C%22request%22%3A%7B%22origin%22%3A%7B%22location%22%3A%7B%22lat%22%3A51.0504%2C%22lng%22%3A13.737300000000005%7D%7D%2C%22destination%22%3A%7B%22location%22%3A%7B%22lat%22%3A40.7127753%2C%22lng%22%3A-74.0059728%7D%7D%2C%22travelMode%22%3A%22DRIVING%22%7D%7D%2C%22id%22%3A47%7D%2C%228%22%3A%7B%22result_api%22%3A%7B%22geocoded_waypoints%22%3A%5B%7B%7D%2C%7B%7D%5D%2C%22routes%22%3A%5B%5D%2C%22status%22%3A%22ZERO_RESULTS%22%2C%22request%22%3A%7B%22origin%22%3A%7B%22location%22%3A%7B%22lat%22%3A49.7764%2C%22lng%22%3A12.091699999999946%7D%7D%2C%22destination%22%3A%7B%22location%22%3A%7B%22lat%22%3A40.7127753%2C%22lng%22%3A-74.0059728%7D%7D%2C%22travelMode%22%3A%22DRIVING%22%7D%7D%2C%22id%22%3A46%7D%2C%229%22%3A%7B%22result_api%22%3A%7B%22geocoded_waypoints%22%3A%5B%7B%7D%2C%7B%7D%5D%2C%22routes%22%3A%5B%5D%2C%22status%22%3A%22ZERO_RES
ULTS%22%2C%22request%22%3A%7B%22origin%22%3A%7B%22location%22%3A%7B%22lat%22%3A49.7764%2C%22lng%22%3A12.091699999999946%7D%7D%2C%22destination%22%3A%7B%22location%22%3A%7B%22lat%22%3A40.7127753%2C%22lng%22%3A-74.0059728%7D%7D%2C%22travelMode%22%3A%22DRIVING%22%7D%7D%2C%22id%22%3A44%7D%7D&view=grid
Request Method: POST
Status Code: 414 Request-URI Too Large
Remote Address: 127.0.0.1:3000
Referrer Policy: no-referrer-when-downgrade
Response Headers
Connection: close
Content-Length: 331
Content-Type: text/html; charset=ISO-8859-1
Date: Mon, 09 Apr 2018 18:40:48 GMT
Server: WEBrick/1.3.1 (Ruby/2.3.4/2017-03-30)
Request Headers
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7,pt-BR;q=0.6,pt;q=0.5
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 4338
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Cookie: _st_session=SkhkUk1HSHhSS1liRXVZbmZBZUcxcE1IZkhVcTNpYkFrWnNWbE5TaFY4b295c0RIVlJMQ09EbFVhQnJvWXA5OW5QeGY4dEhnREpUN09rZUR3eDVOM1UyWWRxcUllN3E2azM2TE0zakttbnZENzRmRU5lWGRHN0ZaNFh6c1MrVzBZd1R1Q1lDeGNGb1Z5M0ZGZ1hncTlUZG9kMnFHdUFuNXg4R01pckR3dHFhYzhtb0l2VW0rWWZwUVV2UGJ1bXQrWE1OVGhDREpTellKV3VKaDVEQnZNQ0FmYkRmL3BoZjVwUG8vNmRucnpuOG9jOUhXUnpWS2dCeC9NUWx0Y2ZNcmtuMDludWhybmxBUTAxNjhPNi95U2c9PS0tV2VqeWNBV3k1d1VrNDBnMEwxa0Z6Zz09--76684486bfaa221829f7d6c7f99d1833550ef865
Host: 127.0.0.1:3000
Origin: http://127.0.0.1:3000
Pragma: no-cache
Referer: http://127.0.0.1:3000/s?view=grid
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36
X-CSRF-Token: rlyweDRRbVWVz+TC3MW+roDh2N9WFoAfAPT5oiC+k6LfCgMx4N4zbpfRP98UUT9H2y55Fzco9pI3MQjkuqkPng==
X-Requested-With: XMLHttpRequest
Query String Parameters
param1: (the stringified routes object)
view: grid
Form Data
param1: (the stringified routes object)
view: grid
This is just a wild guess, but see if this helps:
url: window.location.href.replace(/\?.*$/, ''),
You definitely don't need to be passing along the get parameters that are in your href value, and this will strip them off. Perhaps the presence of any get parameters, even if it's just view-grid causes ajax to send your POST parameters as query parameters as well.
It turned out to be the missing contentType: "json", option.

Unable to make redirect request using angular2

I am trying to log in to a backend service which redirects to a different URL after login using form data. When I try to log in using a REST client (Postman), the request was successful, but not when I try the same using Angular 2 Ionic. I am not sure why it's not working.
successful request from postman
General
Request URL:http://127.0.0.1:9000/auth/login
Request Method:POST
Status Code:303 See Other
Remote Address:127.0.0.1:9000
Response Headers
Cache-Control:no-cache, no-store, must-revalidate
Content-Length:0
Date:Thu, 02 Mar 2017 02:55:26 GMT
Expires:0
Location:/auth/onLogin
Pragma:no-cache
Set-Cookie:PLAY_SESSION=e7685926e8ced464e3d4ea8e99b7bc9254170095-pa.u.exp=1489632926758&pa.p.id=password&pa.u.id=test%40example.com; Path=/; HTTPOnly
Request Headers
Accept:*/*
Accept-Encoding:gzip, deflate
Accept-Language:en-US,en;q=0.8
Authorization:Basic dGVzdEBleGFtcGxlLmNvbTp0ZXN0MTIzNDU2
Cache-Control:no-cache
Connection:keep-alive
Content-Length:257
Content-Type:multipart/form-data; boundary=----WebKitFormBoundaryFfkhCAVy78Bq9fBz
Cookie:PLAY_SESSION=b79f66a47d1a22dd009cc0768fcb8054a2c547c8-pa.u.exp=1489630742877&pa.p.id=password&pa.u.id=test%40example.com
Host:127.0.0.1:9000
Origin:chrome-extension://fhbjgbiflinjbdggehcddcbncdddomop
Postman-Token:5cef52b4-dae9-dcde-d79d-d03949cf8a3b
User-Agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.106 Safari/537.36
Request Payload
------WebKitFormBoundaryFfkhCAVy78Bq9fBz
Content-Disposition: form-data; name="email"
test@example.com
------WebKitFormBoundaryFfkhCAVy78Bq9fBz
Content-Disposition: form-data; name="password"
test123456
------WebKitFormBoundaryFfkhCAVy78Bq9fBz--
Using angular 2 with ionic
Code
public login() {
    let headers = new Headers({ 'Content-Type': 'multipart/form-data' });
    let options = new RequestOptions({ headers: headers });
    var input = new FormData();
    input.append('email', 'test@example.com');
    input.append('password', 'test123456');
    this.http.post('http://127.0.0.1:9000/auth/login', input, headers)
        .map((res:Response) => {
            var location = res.headers.get('Location');
            console.log(res.headers.get('Location'));
        }).subscribe(data => {
            console.log(data);
        });
}
Response
Request URL: http://127.0.0.1:9000/auth/login
Request Method: POST
Status Code: 303 See Other
Remote Address: 127.0.0.1:9000
Referrer Policy: no-referrer-when-downgrade
Response Headers
Cache-Control: no-cache, no-store, must-revalidate
Content-Length: 0
Date: Fri, 03 Mar 2017 00:38:51 GMT
Expires: 0
Location: /auth/onLogin
Pragma: no-cache
Set-Cookie: PLAY_SESSION=fe2e8c471e089531c12c9cbb0ec9fa346d3cc735-pa.u.exp=1489711131007&pa.p.id=password&pa.u.id=test%40example.com; Path=/; HTTPOnly
Request Headers
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.8
Connection: keep-alive
Content-Length: 257
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarysNcuRPNzpXf8OHKP
Host: 127.0.0.1:9000
Origin: http://localhost:8100
Referer: http://localhost:8100/
User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900P Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3027.3 Mobile Safari/537.36
Request Payload
------WebKitFormBoundarysNcuRPNzpXf8OHKP
Content-Disposition: form-data; name="email"
test@example.com
------WebKitFormBoundarysNcuRPNzpXf8OHKP
Content-Disposition: form-data; name="password"
test123456
------WebKitFormBoundarysNcuRPNzpXf8OHKP--
and when it redirects to /auth/onLogin
Request URL: http://127.0.0.1:9000/auth/onLogin
Request Method: GET
Status Code: 500 Internal Server Error
Remote Address: 127.0.0.1:9000
Referrer Policy: no-referrer-when-downgrade
Response Headers
Content-Length: 7959
Content-Type: text/html; charset=utf-8
Date: Fri, 03 Mar 2017 00:38:51 GMT
Request Headers
Accept: */*
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8
Connection: keep-alive
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarysNcuRPNzpXf8OHKP
Host: 127.0.0.1:9000
Origin: http://localhost:8100
Referer: http://localhost:8100/
User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900P Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3027.3 Mobile Safari/537.36
Have you tried adding the withCredentials: true after your header?
Like this:
return this.http.post(
    'http://127.0.0.1:9000/auth/login',
    {
        headers: this.headers,
        withCredentials: true
    },
)

Fail to add an HTTP header

I'm trying to produce an HTTP request with an Authorization header:
$.ajax({
    type: 'GET',
    url: "https://subdomain.domain.com/login",
    beforeSend: function (xhr) {
        xhr.setRequestHeader("Authorization", "Basic " + btoa('username' + ":" + 'password'));
    }
})
But the request that's produced by this code does not contain an Authorization header:
OPTIONS /login HTTP/1.1
Host: subdomain.domain.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Access-Control-Request-Method: GET
Origin: http://localhost:3021
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/12.3.4567.890 Safari/537.36
Access-Control-Request-Headers: authorization
Accept: */*
Referer: http://localhost:3021/app.html
Accept-Encoding: gzip, deflate, sdch, br
Accept-Language: en-US,en;q=0.8,he;q=0.6
What am I doing wrong?
This may solve your problem.
$.ajax({
    type: 'GET',
    url: "https://subdomain.domain.com/login",
    headers : {
        "Authorization" : "Basic " + btoa('username' + ":" + 'password')
    }
})
The problem was that I tried to make a cross-domain request to a server that does not allow CORS.
Therefore, the request I saw was a preflight request that used the OPTIONS method. If in this preflight request I had gotten the proper response CORS header, I would see my Authorization header in the real request. But since I did not pass the preflight OPTIONS request, I didn't have a real request, and therefore I didn't see the Authorization header.
I solved it by consuming the API using Node.js rather than the browser.
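The preflight behaviour this answer describes, and the 401 returned to the OPTIONS request in the first question on this page, can be reproduced with a small model of the server's decision. This is an added example, not code from any of the posts; `ALLOWED_ORIGINS`, `VALID_TOKENS`, the token value and both handler names are assumptions made for illustration.

```javascript
// Added example: a pure-function model of an API's CORS and bearer-token checks.
// All names and the token below are assumptions for illustration.
const ALLOWED_ORIGINS = new Set(['http://test-client-app.dev']);
const VALID_TOKENS = new Set(['constructed-token-123']); // constructed sample

// Header names are case-insensitive, so look them up that way.
function header(headers, name) {
  const key = Object.keys(headers).find((k) => k.toLowerCase() === name.toLowerCase());
  return key === undefined ? undefined : headers[key];
}

// The auth scheme is case-insensitive (RFC 7235), so "BEARER" and "Bearer" both parse.
function checkBearer(headers) {
  const m = /^Bearer +([A-Za-z0-9\-._~+\/]+=*)$/i.exec(header(headers, 'authorization') || '');
  if (!m) return { ok: false, error: 'invalid_request' };
  return VALID_TOKENS.has(m[1]) ? { ok: true } : { ok: false, error: 'invalid_token' };
}

function unauthorized(error, extra) {
  return {
    status: 401,
    headers: { ...extra, 'WWW-Authenticate': `Bearer realm="Service", error="${error}"` },
  };
}

// Misconfigured: authentication runs on every method. A preflight never carries
// Authorization, so it gets 401 and the browser never sends the real POST.
function handleAuthFirst(req) {
  const auth = checkBearer(req.headers);
  if (!auth.ok) return unauthorized(auth.error, { 'Access-Control-Allow-Origin': '*' });
  return { status: 200, headers: { 'Access-Control-Allow-Origin': '*' } };
}

// Corrected: answer the preflight from CORS policy alone (origin allowlist),
// and require the token only on the actual request.
function handlePreflightAware(req) {
  const origin = header(req.headers, 'origin');
  const cors = ALLOWED_ORIGINS.has(origin)
    ? { 'Access-Control-Allow-Origin': origin, Vary: 'Origin' }
    : {};
  const isPreflight = req.method === 'OPTIONS' &&
    header(req.headers, 'access-control-request-method') !== undefined;
  if (isPreflight) {
    if (!('Access-Control-Allow-Origin' in cors)) return { status: 403, headers: {} };
    return {
      status: 204,
      headers: {
        ...cors,
        'Access-Control-Allow-Methods': 'POST',
        'Access-Control-Allow-Headers': 'Authorization, Content-Type',
      },
    };
  }
  const auth = checkBearer(req.headers);
  return auth.ok ? { status: 200, headers: cors } : unauthorized(auth.error, cors);
}

// Constructed requests shaped like the captures on this page.
const preflight = {
  method: 'OPTIONS',
  headers: {
    Origin: 'http://test-client-app.dev',
    'Access-Control-Request-Method': 'POST',
    'Access-Control-Request-Headers': 'accept, authorization',
  },
};
const realPost = {
  method: 'POST',
  headers: { Origin: 'http://test-client-app.dev', Authorization: 'BEARER constructed-token-123' },
};

console.log('auth-first, preflight      :', handleAuthFirst(preflight).status);
console.log('preflight-aware, preflight :', handlePreflightAware(preflight).status);
console.log('preflight-aware, real POST :', handlePreflightAware(realPost).status);
```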

jQuery - ajax - post - json request - doesn't have post body in some URL

I've been stuck at this for a while now. I have ajax request here:
$.ajax({
    url: UPDATE_USER_INFO_URL ,
    type: "POST",
    dataType: "json",
    contentType: "application/json",
    data: JSON.stringify({user:'user'}),
    success: function (data, textStatus) {
        if(data["statusCode"] && data["statusCode"] == 1) {
            _callback(1,data);
        }
        else {
            _callback(0,data);
        }
    },
    error: function (jqXHR, textStatus){
        _callback(0, {});
    }
});
If I set UPDATE_USER_INFO_URL to a specific URL, Fiddler shows nothing in the body. If I set UPDATE_USER_INFO_URL to something else (even an invalid URL), it does put {user:'user'} in the body in Fiddler.
With original UPDATE_USER_INFO_URL:
POST http://10.35.50.26:8080/SelfServiceWs/user/session/upduserinfo HTTP/1.1
Accept: application/json, text/javascript, */*; q=0.01
Content-Type: application/json
X-Requested-With: XMLHttpRequest
Referer: http://10.35.50.26:8080/SelfService/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Host: 10.35.50.26:8080
Connection: Keep-Alive
Pragma: no-cache
Cookie: JSESSIONID=0BF9D9CCCE9030E60AB0BCE5F6562CD8
Authorization: Negotiate TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbAdAAAADw==
Content-Length: 0
Change URL to /SelfServiceWs/abcdef
POST http://10.35.50.26:8080/SelfServiceWs/abcdef HTTP/1.1
Accept: application/json, text/javascript; q=0.01
Content-Type: application/json
X-Requested-With: XMLHttpRequest
Referer: http://10.35.50.26:8080/SelfService/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Host: 10.35.50.26:8080
Content-Length: 15
Connection: Keep-Alive
Pragma: no-cache
Cookie: JSESSIONID=9E79779805579A7964E03AAD76DF043B
{"user":"user"}
I have many other ajax calls, all are working as expected.
It must be little thing that I am missing.
I figured this out.
I have an authentication servlet filter on the URL /user/ssoauth; unexpectedly (to me), it made every call to a URL under the /user path (including /user/session/upduserinfo) send out an Authorization header. Moving the filter to /user/auth/ssoauth stopped the client from sending the Authorization header when calling user/session/upduserinfo and fixed the problem.
<filter-mapping>
    <filter-name>SecurityFilter</filter-name>
    <url-pattern>/user/ssoauth</url-pattern>
</filter-mapping>
causes every client call to a URL under /user to send an Authorization header.
I learned something new today!
try this
data: JSON.stringify({'user':'user'}),
