I try to consume a WCF service (REST) using ajax (xmlHttpRequest). The service require Basic authentication.
my ajax call is :
var httpRequest = new XMLHttpRequest();
httpRequest.onreadystatechange = function () {
if (httpRequest.readyState == 4) {
if (httpRequest.status == 200) {
//do some stuff
}
}
};
httpRequest.open('PUT', 'http://localhost:59000/v1/users/1', true, 'user1', 'user1');
httpRequest.withCredentials = "true";
//must authenticate both..in open() but also set header manually ...cf http://stackoverflow.com/questions/1358550/xmlhttp-request-basic-authentication-issue
httpRequest.setRequestHeader('Auhtorization', 'Basic user1:user1');
httpRequest.setRequestHeader('Accept', 'application/json');
// overridemimeType() does not set content type header .... don't know why ?
httpRequest.setRequestHeader('Content-Type', 'application/json');
var params = { "UserName": "user1" };
var requestBodyString = JSON.stringify(params);
httpRequest.send(requestBodyString);
The way I first handle the request on the server side is the following
HttpContext.Current.Response.AddHeader("Access-Control-Allow-Origin",
crossDomain);
//preflight request : cf https://developer.mozilla.org/en/http_access_control
if (HttpContext.Current.Request.HttpMethod == "OPTIONS")
{
HttpContext.Current.Response.AddHeader("Access-Control-Allow-Methods",
"GET, POST, PUT, DELETE");
HttpContext.Current.Response.AddHeader("Access-Control-Allow-Credentials", "true");
HttpContext.Current.Response.AddHeader("Access-Control-Allow-Headers", "Content-Type, Authorization, Accept, DummyOneForTest");
HttpContext.Current.Response.AddHeader("Access-Control-Max-Age",
"1728000");
HttpContext.Current.Response.End();
}
My browser sends me the error "Request header field Auhtorization is not allwed by Access-Control-Allow-Headers" but as you can see it is whitin the response header.
Moreover when I try with Fiddler everything is fine and I even have the header dummy one allowed.
So I am really confused, if anyone can help, please do !
Thanks