JQuery.ajax does not send an authorization header with an OPTIONS request

Question

JQuery.ajax does not send an authorization header with an OPTIONS request

It seems that jQuery does not send an Authorization header when sending an OPTIONS request before a POST request (or possibly other types). The server I am trying to reach returns 401 status for an OPTIONS request - how can I get jQuery to include the Authorization header even in this initial request?

 $.ajax({ type: "POST", url: url, data: postData, beforeSend: function ajaxBeforeSend(jqXHR) { jqXHR.withCredentials = true; jqXHR.setRequestHeader("Authorization", "Basic " + btoa(encodeURIComponent(escape($username.val())) + ":" + encodeURIComponent(escape($password.val())))); }, success: runReportUrlCallback, error: runReportErrorCallback });

I also tried adding username and password to ajax options, but to no avail.

+6

javascript jquery ajax cors

Josh M. Feb 23 '15 at 5:17

source share

1 answer

danday74 · Answer 1 · 2017-03-30T03:54:16+0000

The third-party server seems to be configured incorrectly without an OPTIONS request.

W3 states that the pre-flight OPTIONS request should:

Exclude user credentials.

User credentials defined:

The term user credentials for the purposes of this specification means cookies, HTTP authentication, and client-side SSL certificates.

See https://www.w3.org/TR/cors/#cross-origin-request-with-preflight-0

If the server is in your control, you simply put the OPTIONS request handler before your authentication check.

If the server is NOT in your control, which seems to be the case here, then you moan to the server administrator, explaining that they did it wrong and hope that they will change it.

JQuery.ajax does not send an authorization header with an OPTIONS request

More articles: