CORS and HTTP basic auth - how to log in?

F

Frasty2014-07-25 14:01:53

JavaScript

Frasty, 2014-07-25 14:01:53

There are web services 1C are on iss7 in the server settings is specified

<add name="Access-Control-Allow-Origin" value="http://сайт" />
  так же добавлял 
name="Access-Control-Allow-Methods" value="POST,GET,OPTION"
name="Access-Control-Allow-Headers" value="Authorization"

$.support.cors = true; also added

there is a request

$.ajax({
          type : 'POST',
          crossDomain : true,
          dataType : 'xml',
          data: хмл-запрос,
//					headers : {'Authorization':'Basic ХХХХХХ'},
          url : 'Адресс',
          success : function(data){
            console.log(data);
          }
        });

If you remove authentication on the server, then everything works, at least in chrome and ff,
but if you install it and uncomment the headers, then the response is "empty" and writes that "A request from an external source is blocked: The policy of one source prohibits reading a remote resource", as pass the desired header in the request?

PS with an uncommented header it works if you start chrome with -args --disable-web-security
PSS as a result you need a line that will allow you to authorize with a header in an Ajax post request

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

L

Lynn "Coffee Man", 2014-07-25
@Lynn

The server response must have an Access-Control-Allow-Credentials
header . More Requests with credentials

Important note: when responding to a credentialed request, server must specify a domain, and cannot use wild carding. The above example would fail if the header was wildcarded as: Access-Control-Allow-Origin: *.