I've read a lot of documentation about CORS and authentication, and I'm pretty sure to do things correctly. I'm trying to authenticate a jQuery.ajax GET CORS request, like this:
$.ajax('', {
type: 'GET',
username: 'foo',
password: 'bar',
xhrFields: {
withCredentials: true
}
}).then(function (data) {
alert('success');
}, function (xhr) {
alert('failure');
});
but the browser keeps prompting me for credentials, not sending the provided ones. Try this at / where is supposed to send correct CORS headers.
I've read a lot of documentation about CORS and authentication, and I'm pretty sure to do things correctly. I'm trying to authenticate a jQuery.ajax GET CORS request, like this:
$.ajax('http://httpbin/basic-auth/foo/bar', {
type: 'GET',
username: 'foo',
password: 'bar',
xhrFields: {
withCredentials: true
}
}).then(function (data) {
alert('success');
}, function (xhr) {
alert('failure');
});
but the browser keeps prompting me for credentials, not sending the provided ones. Try this at http://jsfiddle/BpYc3/ where http://httpbin is supposed to send correct CORS headers.
Share Improve this question asked Nov 5, 2013 at 20:58 Giovanni LovatoGiovanni Lovato 2,2752 gold badges30 silver badges58 bronze badges 2-
XMLHttpRequest cannot load http://httpbin/basic-auth/foo/bar. Credentials flag is true, but Access-Control-Allow-Credentials is not "true".are you sure the server is allowing cross-origin credentials? I haven't had to deal with this, but that's where i would look first due to that error. – Kevin B Commented Nov 5, 2013 at 21:07 - @KevinB Right, httpbin doesn't set that header for GET requests, but even if I set that header on my API server, the browser still prompts for credentials. – Giovanni Lovato Commented Nov 5, 2013 at 21:20
1 Answer
Reset to default 5Check this out.
If your server asks for credentials, then you can't use
Access-Control-Allow-Origin: *
with the wildcard: you must specify the allowed domain.
发布者:admin,转转请注明出处:http://www.yc00.com/questions/1745379180a4625143.html
评论列表(0条)