I'm making a post request with ajax (CORS) and I am setting a header (Content-Type:application/x-www-form-urlencoded) and I'm trying to read the response's headers. Here is what I've done:
function makePostRequest(url, data, headers, httpVerb, dataType, elementId) {
$.ajax({
url: url,
type: httpVerb,
data: data,
headers: headers,
dataType: dataType,
success: function(data, textStatus, jqXHR) {
$("#" + elementId).val(jqXHR.responseText);
alert(JSON.stringify(jqXHR));
},
error: function(jqXHR, textStatus, errorThrown) {
$("#" + elementId).val(jqXHR.responseText);
}
}).then(function(data, status, xhr) {
console.log(xhr.getAllResponseHeaders());
});
}
But in the console is printed only
Content-Type: application/x-www-form-urlencoded; charset=utf-8
And in chrome developer tools I'm seeing:
How to get all these headers?
PS: I am using Chrome, not Firefox ()
I asked how to get all headers, not why I'm getting only one header(if it's not possible, I will accept this answer).
So, I was making a CORS request and in this case the headers are filtered out for security reasons.
The only way to acces those headers is to include in the response a header Access-Control-Expose-Headers that will contain a list of headers that can be read from the javascript, as you can read here:
7.1.1 Handling a Response to a Cross-Origin Request
User agents must filter out all response headers other than those
that are a simple response header or of which the field name is an
ASCII case-insensitive match for one of the values of the
Access-Control-Expose-Headers headers (if any), before exposing
response headers to APIs defined in CORS API specifications.
Related
I'm calling facebook graph api using ajax as follows,
$.ajax({
url: "https://graph.facebook.com/oauth/access_token?client_id=CLIENT_ID&client_secret=CLIENT_SECRET&grant_type=fb_exchange_token&fb_exchange_token="+accessToken,
type: 'GET',
contentType: "application/json",
success: function (response) {
},
error: function (error) {
console.log('Error occurd while retrieving long live access token');
}
});
But it shows error as follows,
Request header field authorization is not allowed by Access-Control-Allow-Headers in preflight response.
If I make the request using postman or using the browser it works fine. Appriciate any help to resolve this issue. I tried several answers regarding the Access-Control-Allow-Headers in the server side, but in this case I don't have the control over facebook side.
I've been going through the app authorization steps here https://developer.microsoft.com/en-us/graph/docs/authorization/app_authorization, but can't seem to get the request to work. I consistently get errors saying
Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8080' is therefore not allowed access."
This seems weird as I am including that header.
$.ajax({
type: "POST",
url: url,
crossDomain: true,
data: {
'refreshToken': refreshToken,
'client_id': clientId,
'client_secret': clientSecret,
'redirect_uri': redirect_uri,
'resource': resource
},
dataType: 'json',
beforeSend: function (xhr) {
xhr.setRequestHeader('Access-Control-Allow-Origin', "*");
xhr.setRequestHeader('Access-Control-Allow-Methods', "*");
xhr.setRequestHeader('Access-Control-Allow-Headers', "*");
},
success: function (data, status, headers, config) {
callback(data);
},
error: function (data, status, headers, config) {
console.log('Error getting access token from Microsoft Graph: ' + status + " " + JSON.stringify(data));
}
});
You are using a wrong OAuth2 flow. You should not use the Authorization grand code flow in browser applications, because you cannot keep the client secret safe and the tokens get to the server when a browser requests the redirect URL (the tokens are not in the hash # part of the URL).
That's why Microsoft API doesn't support XHR access to the /token endpoint (by omitting the CORS response headers).
You could consider using the Implicit flow, which is designed for usage in browsers, keeps the tokens safe and doesn't require a client secret.
Given this Ext.Ajax call:
Ext.Ajax.request({
url: url,
method: 'POST',
jsonData: dataToPost,
success: function (response) {
console.log(response.getAllResponseHeaders());
console.log(response.getResponseHeader('Location'));
console.log(response.getResponseHeader('location'));
});
}
I expected to see the Location: header in the log. Instead I get this (I added the lower-case location just in case, seeing content-type is lower-case):
The same request seen in Fiddler shows more headers than Content-type:
What am I doing wrong?
Currently in my web app project, I need to parse the content of a web page, and after some searching, I found that Mercury Web Parser API is quite suitable for me.
And I have some experience with such kind of third party APIs, generally speaking I can get my desired result.
But for this API, I can't find documentation about the API usage on the official website.
Based on the my study, it provide two methods:
first is cURL as following:
curl -H "x-api-key: myapikey" "https://mercury.postlight.com/parser?url=https://trackchanges.postlight.com/building-awesome-cms-f034344d8ed"
the myapikey is the API key I get from the website. Then I can get the result in JSON format, which is the main content of the web page specified by the url parameter. It works well for me, I mean the cURL method.
And on the website, it said that the second method is HTTP call, which is just what I need:
GET https://mercury.postlight.com/parser?url=https://trackchanges.postlight.com/building-awesome-cms-f034344d8ed
Content-Type: application/json
x-api-key: myapikey
So based on my understanding, I use jquery AJAX method to do this as following:
var newurl = "https://mercury.postlight.com/parser?url=http://www.businessinsider.com/joel-spolsky-stack-exchange-interview-2016-12&x-api-key=myapikey"
$.ajax({
url: newurl,
dataType: "jsonp",
success: function(data){
console.log(data.title);
}
})
here I made JSONP request because of the Cross origin issue.
But now I face 401 error message (401 Unauthorized. The request has not been applied because it lacks valid authentication credentials for the target resource)
For now my guess is that the apikey is not correctly passed to server. So based on the cURL's successful call, can I get the correct format for AJAX call?
Update:
Based on the following answers ,I tried to set the request header as following:
$.ajax({
url: newurl,
dataType: "jsonp",
beforeSend: function(xhr){
console.log(apiKey);
xhr.setRequestHeader('x-api-key', apiKey);
},
/*
headers: {
"x-api-key": "M1USTPmJMiRjtbjFNkNap9Z8M5XBb1aEQVXoxS5I",
"contentType": 'application/json'
},
*/
success: function(data){
console.log("debugging")
console.log(data.title);
},
error: function (error) {
console.log(error)
}
})
I tried both beforeSend and headers. But still can't work and get the following trackback error message:
send # jquery.js:8698
ajax # jquery.js:8166
addNewArticle # topcontroller.js:18
fn # VM783:4
e # angular.js:281
$eval # angular.js:147
$apply # angular.js:147
(anonymous) # angular.js:281
dispatch # jquery.js:4435
elemData.handle # jquery.js:4121
And for the last send function, still 401 error.
But the ajax error handling part shows that the readyState:4 and status: 404 result. So what's going here.
For your question, the curl request is sending a header which you have attached as part of the query string in your $.ajax request.
Try the following instead (using beforeSend + xhr) :
// broke this string down so you don't have to scroll
var newurl = "https://mercury.postlight.com/parser?" +
"url=http://www.businessinsider.com/" +
"joel-spolsky-stack-exchange-interview-2016-12";
// set your api key
var apiKey = "<your api key>";
$.ajax({
url: newurl,
dataType: "json",
beforeSend: function(xhr){xhr.setRequestHeader('x-api-key', apiKey);},
success: function(data){
console.log(data.title);
}
})
I have this webapp where I make a post request using Ajax from Domain A to a rest service on Domain B
Domain B has been set up to serve the response with the CORS Access-Control* headers in order to get the cross-domain posting to work
Headers in response from domain B:
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: POST GET OPTIONS
Access-Control-Allow-Origin: https://sub.domain-a.com
Access-Control-Max-Age: 180
The Ajax code
$.ajax({
url: 'https://sub.domain-b.com',
type: 'POST',
contentType: 'application/json',
headers: {
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'
},
data: json,
dataType: 'json',
xhrFields: {
withCredentials: true
},
success: function (data) {
},
error: function (jqXHR, textStatus, errorThrown) {
}
});
I am logged in on both domains and my request sends the necessary cookie (withCredentials=true), but I am still getting a 403 Forbidden from the response
Both domains are using SSL a certificate
I am beginning to wonder if the SSL's are causing the problem as this worked before and I am getting nothing in my logs
Are there anyone here that have any experience with something similar?
Any pointers?
It could be something similar to this issue:
Pre-flight OPTIONS request failing over HTTPS
Typically when the issue is with SSL and the preflight request though you wouldn't get back a 403, you'd just get the OPTIONS request aborting.
How does the service authenticate and authorise? Are you using self-signed certificates? It sounds like you're correct in thinking that SSL is causing the issue and without more info it's hard to say what your specific problem is.