I'm trying to produce an HTTP request with an Authorization header:
$.ajax({
type: 'GET',
url: "https://subdomain.domain.com/login",
beforeSend: function (xhr) {
xhr.setRequestHeader ("Authorization", "Basic " + btoa('username' + ":" + 'password'));
}})
But the request that's produced by this code does not contain an Authorization header:
OPTIONS /login HTTP/1.1
Host: subdomain.domain.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Access-Control-Request-Method: GET
Origin: http://localhost:3021
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/12.3.4567.890 Safari/537.36
Access-Control-Request-Headers: authorization
Accept: /
Referer: http://localhost:3021/app.html
Accept-Encoding: gzip, deflate, sdch, br
Accept-Language: en-US,en;q=0.8,he;q=0.6
What am I doing wrong?
This may Solve your Problem.
$.ajax({
type: 'GET',
url: "https://subdomain.domain.com/login",
headers : {
"Authorization" : "Basic " + btoa('username' + ":" + 'password')
}
})
The problem was that I tried to make a cross-domain request do a server that does not allow CORS.
Therefore, the request I saw was a preflight request that used the OPTIONS method. If in this preflight request I had gotten the proper response CORS header, I would see my Authorization header in the real request. But since I did not pass the preflight OPTIONS request, I didn't have a real request, and therefore I didn't see the Authorization header.
I solved it by consuming the API using Node.js rather than the browser.