admin管理员组

文章数量:1424415

I've read a lot of documentation about CORS and authentication, and I'm pretty sure to do things correctly. I'm trying to authenticate a jQuery.ajax GET CORS request, like this:

$.ajax('', {
    type: 'GET',
    username: 'foo',
    password: 'bar',
    xhrFields: {
        withCredentials: true
    }
}).then(function (data) {
    alert('success');
}, function (xhr) {
    alert('failure');
});

but the browser keeps prompting me for credentials, not sending the provided ones. Try this at / where is supposed to send correct CORS headers.

I've read a lot of documentation about CORS and authentication, and I'm pretty sure to do things correctly. I'm trying to authenticate a jQuery.ajax GET CORS request, like this:

$.ajax('http://httpbin/basic-auth/foo/bar', {
    type: 'GET',
    username: 'foo',
    password: 'bar',
    xhrFields: {
        withCredentials: true
    }
}).then(function (data) {
    alert('success');
}, function (xhr) {
    alert('failure');
});

but the browser keeps prompting me for credentials, not sending the provided ones. Try this at http://jsfiddle/BpYc3/ where http://httpbin is supposed to send correct CORS headers.

  • javascript
  • jquery
  • ajax
  • authentication
  • cors
Share Improve this question asked Nov 5, 2013 at 20:58 Giovanni LovatoGiovanni Lovato 2,2752 gold badges30 silver badges58 bronze badges 2
  • XMLHttpRequest cannot load http://httpbin/basic-auth/foo/bar. Credentials flag is true, but Access-Control-Allow-Credentials is not "true". are you sure the server is allowing cross-origin credentials? I haven't had to deal with this, but that's where i would look first due to that error. – Kevin B Commented Nov 5, 2013 at 21:07
  • @KevinB Right, httpbin doesn't set that header for GET requests, but even if I set that header on my API server, the browser still prompts for credentials. – Giovanni Lovato Commented Nov 5, 2013 at 21:20
Add a ment  | 

1 Answer 1

Reset to default 5

Check this out.

If your server asks for credentials, then you can't use

Access-Control-Allow-Origin: *

with the wildcard: you must specify the allowed domain.

本文标签: javascriptCORS authentication with jQueryStack Overflow

版权声明:本文标题:javascript - CORS authentication with jQuery - Stack Overflow 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1745379179a2656079.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。