I'm testing a WebSEAL secured RESTful service against Chrome Postman which works 100%. I pass in basic authentication credentials as required and send the request.
There is no authorization prompt in the browser, and the response returns the expected results without error.
However, when I try to do this in jQuery and run it via a browser, I get nowhere, exception CORS errors and other authorization 401 errors that I am not expecting.
In my opinion, Postman generates exactly the same XMLHttpRequest string that I would via any AJAX framework in JavaScript, yet Postman succeeds and normal JavaScript does not.
What is the difference here? I am completely at a lost.
// jQuery
var authorization = basic_auth('username', 'password1'),
url = 'https://url.domain.name/service.svc';
$.ajax({
url: url,
method: 'GET',
xhrFields: {
withCredentials: true
},
beforeSend: function (req) {
req.setRequestHeader('Authorization', authorization);
req.setRequestHeader('Content-Type', 'application/json');
},
success: function (s) {
}
});
// XMLHttpRequest
var xml = new XMLHttpRequest(),
authorization = basic_auth('username', 'password1'),
url = 'https://url.domain.name/service.svc';
xml.open('GET', url, true);
xml.setRequestHeader('Authorization', authorization);
xml.setRequestHeader('Content-Type', 'application/json');
xml.setRequestHeader('Content-Length', 1000);
xml.onreadystatechange = function () {
xhrResult(httpRequest);
};
xml.send(null);
UPDATE & RESOLUTION
Chrome, by default, does not allow XS-XHR from localhost.