I am doing a Ajax request, in the response depending on some condition. I might send a 301 status code with a location(redirect) URL. But when I do that there is a ajax request to the redirect URL, but I want it to be a normal request not a ajax request.
Is there a way to do that?
it's pretty easy, you might want the server to return an url instead of performing redirection, end then use window.location to perform redirection in javascript :).
Javascript can't see the redirect response, only the final response from the URL the browser was redirected to.
Javascript can try to recognize the situation by analyzing the response content: Maybe it expects JSON but gets HTML (e.g. a login page :-) )
To do it right you'd need to modify the service to return a non-redirect response code to the Javascript which it can then handle (e.g. 401 when the session expires and the user must log in again)
Related
I'm using AJAX. I call the server which calls an API and gets its response. I try to return the response in JSON to the client. But my Laravel has Middleware that checks token is valid. And when it's invalid, it'll redirect to login page. So the response I return is not JSON from API call but is the HTML of the redirected login page. I don't know what to do about this. One, the response is not the expected JSON and two, how do I keep the mechanism of redirecting to login page when the situation is an AJAX call and not the usual going from one page to the next.
From the client side, I am making an Ajax request of type "delete" using jquery.On the server side, I am doing res.redirect(URL).But instead of redirecting, browser is again making a delete request with URL returned from server side for redirecting.
However, it is not happening for a post request.Everything is OK with post request.
Short version
Ajax is trying to follow the request to it's bitter end to get a successful response (2xx). If you want to delete a resource and send the user to a new web page, you will need to handle that after receiving a success response from your Ajax call.
Full explanation
While redirects are sometimes used after processing a request (such as a successful / failed login) it's not really what they're intended for. Generally you would only redirect the user to get them to the resource their looking for. For example, you might move an endpoint such as POST /blog-post to the new location of POST /blog-article. What you're saying to the requester here is that something used to be where it is, but now they need to make a request elsewhere to find what they're after. This is incredibly important when trying to prevent link rot.
The idea of accepting and processing a request, and then moving the user off to another page is more of a coincidence really. It just happens to work due to how a browser handles URL requests.
I expect your POST request is actually using a form, in this case the browser is following the redirect because it received something like a 301 and is attempting to see a request chain through. However when using Ajax a redirect is being handled by the Ajax call itself, not the entire browser. Ajax in this case is acting as if you'd expect if the endpoint had been moved. So for example, if you moved the endpoint on the server side, your application would still function as it would follow the redirect instruction.
What you really need to do is return a successful response to your Ajax call such as a 204 (No content) and then in your frontend move the user on to a new page.
This isn't as convenient I'll admit, but when you understand why the redirects actually exist it makes more sense. They're not a way of telling a user to move onto something else, they're a way of trying to prevent link rot and enable applications to continue working against an API which may have changed slightly.
Sometimes, a user session expires, no matter the reason. The user is redirected to the login page, as my routes sends the user there in case of Auth::guest().
Then it sends them back after successful login to an ajax/json page (like a list of images in json) - this happens because I'm using the Redirect::intended() call. This is completely unusable then - how do people work around this?
Using Redirect::guest() saves the requested URL to the session key url.intended. If you use Redirect::guest() in a filter on an AJAX route, this will still be the case and the URL of that AJAX call will be where the user is sent.
You can use if(Request::ajax()) {} to do something different for AJAX responses, like returning an error JSON instead of a redirect.
This is sort of a cross-domain issue, but the problem is the browser (Chrome) doesn't seem to follow the redirect. Instead, nothing is returned to the jQuery ajax call, and I get an error.
I'm trying to use jQuery.ajax, but the URL that I'm using redirects to another domain. When this happens, I get an error. Is there anything special that needs to be done so the browser will follow the redirect?
I already added access-control-allow-origin: * to the header of the second domain that is being redirected to.
An HTTP redirect page is treated as any other HTTP page in that it also needs the access control headers. If your redirect page does not have them, the browser will never get around to checking if the page being redirected to has the proper permissions.
Along with the Location header on the redirect page, also add the Access-Control-Allow-Origin header and its related constituents (i.e. Access-Control-Allow-Methods etc.)
The only way to get a cross-domain ajax call is to use jsonp.
In jQuery, set your .ajax() dataType to 'jsonp'. See here: http://api.jquery.com/jQuery.ajax/
It still may not work, if the server being redirected to is not capable of a jsonp response. The difference between a json response and a jsonp response is that a json response is a pure json string, while a jsonp response is the code that calls a function passing in a json string.
A not-too-shabby tutorial: http://remysharp.com/2007/10/08/what-is-jsonp/
A good discussion: Can anyone explain what JSONP is, in layman terms?
I am trying to use ajax in my spring mvc application. When I try a url (post/get) which is secured and needs authentication, the response is the html of login page as it is redirected behind the scenes.
What is the best approach to overcome this issue?
First, I would avoid displaying Ajax links to URLs needing authentication if the user is not authenticated, if possible.
If not always possible, your login page could be returned with a specific HTTP response code, (or any other way to distinguish it from a normal response) and your JavaScript callback could replace the entire body of the current page with the HTML received if this response code is received. Most AJAX libraries come with a way to define a handler to all the AJAX requests. Such a global handler could be used here.
The login page could also be adapted to only return a status code in case of an AJAX request, and the JavaScript code would then redirect to the login page (without using AJAX) if this status code is received.
I may not have explained the issue well. So I did not get the right response. However the response from JB Nizet contained some other points. So thank you.
I could solve the issue after coming back to this issue after some time, so
I posted about this on my blog.
I hope it is useful.