web applications - CORS and HTTP basic auth


How is a preflighted HTTP request sent if you include basic auth? Is it like the following conversation? I'm having trouble understanding which headers need to be sent where, because it is not possible to debug this with Firebug.

client:

    OPTIONS /api/resource HTTP/1.1
    Access-Control-Request-Method:
    Origin: http://jsconsole.com

server:

    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Access-Control-Allow-Methods: POST, GET, PUT, DELETE
    Access-Control-Allow-Headers: Authorization
    Access-Control-Max-Age: 1728000
    Access-Control-Allow-Credentials: true

client:

    GET /api/resource HTTP/1.1
    Access-Control-Request-Method:
    Access-Control-Allow-Credentials: true
    Origin: http://jsconsole.com

server:

    HTTP/1.1 401 Unauthorized
    Access-Control-Allow-Origin: *
    Access-Control-Allow-Methods: POST, GET, PUT, DELETE
    Access-Control-Allow-Headers: Authorization
    Access-Control-Max-Age: 1728000
    Access-Control-Allow-Credentials: true
    WWW-Authenticate: Basic realm="authorisation required"

client:

    GET /api/resource HTTP/1.1
    Access-Control-Allow-Credentials: true
    Authorization: Basic base64encodeduserandpassword
    Access-Control-Request-Method:
    Origin: http://jsconsole.com

server:

    HTTP/1.1 200 OK
    Access-Control-Allow-Origin: *
    Access-Control-Allow-Methods: POST, GET, PUT, DELETE
    Access-Control-Allow-Headers: Authorization
    Access-Control-Max-Age: 1728000
    Access-Control-Allow-Credentials: true

If you're requesting credentials, the server must respond with a specific origin in the Access-Control-Allow-Origin response header (and can't use the wildcard *). Of course, it needs to respond with the Access-Control-Allow-Credentials response header too.
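
The rule in the answer above, worked through as server-side logic. This is an added example, not code from the original question or answer. ALLOWED_ORIGINS, USERS, handle() and the demo account are assumptions made for illustration; the preflight is answered before the auth check because browsers send it without credentials.

```javascript
// Added example: CORS + Basic auth decision logic as a pure function.
// ALLOWED_ORIGINS, USERS and handle() are hypothetical; the account is constructed.
const ALLOWED_ORIGINS = new Set(["http://jsconsole.com"]);
const USERS = new Map([["alice", "s3cret"]]); // demo only; store password hashes in practice

function corsHeaders(origin) {
  // Credentialed CORS: echo the exact allow-listed origin, never "*".
  if (!ALLOWED_ORIGINS.has(origin)) return {};
  return {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
    "Vary": "Origin", // caches must not reuse this response for another origin
  };
}

function checkBasic(header) {
  const m = /^Basic ([A-Za-z0-9+\/=]+)$/i.exec(header || "");
  if (!m) return false;
  const decoded = Buffer.from(m[1], "base64").toString("utf8");
  const i = decoded.indexOf(":"); // user and password are split at the first colon
  if (i < 0) return false;
  return USERS.get(decoded.slice(0, i)) === decoded.slice(i + 1);
}

// req: { method, headers } with lower-cased header names, as Node's http module provides.
function handle(req) {
  const h = req.headers;
  const cors = corsHeaders(h.origin);
  // Preflight carries no Authorization header, so it must not hit the auth check.
  if (req.method === "OPTIONS" && h["access-control-request-method"]) {
    if (!cors["Access-Control-Allow-Origin"]) return { status: 403, headers: {} };
    return { status: 204, headers: { ...cors,
      "Access-Control-Allow-Methods": "GET, POST, PUT, DELETE",
      "Access-Control-Allow-Headers": "Authorization",
      "Access-Control-Max-Age": "1728000" } };
  }
  if (!checkBasic(h.authorization)) {
    // CORS headers go on the 401 too, otherwise the calling script cannot read it.
    return { status: 401, headers: { ...cors,
      "WWW-Authenticate": 'Basic realm="authorisation required"' } };
  }
  return { status: 200, headers: cors };
}
```
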

