jQuery Forum

Are you getting CORS errors in the console?

Thanks for the replies. I've changed the site to Windows Authentication and have avoided the problem. However, I'm still not sure why I was being prompted. It's not a CORS issue because both the API and the page calling it are on the same domain. Perhaps, Jakecigar has a point - maybe GET doesn't support passing credentials? If not, that's very frustrating and should be addressed IMHO.

Don’t specify the full URL unless the origin is different from the page. To the reader it assumes you are going cross origin.

withCredentials is ONLY for CORS. It is IGNORED for same-origin.

@Jake - I didn't realize that specifying the URL would cause the browser to think it was cross-origin. Thanks for the tip.


@watusiware - Likewise, I didn't realize that "withCredentials" is only for CORS. Also, I did try the username/password instead of the header but it still asked for credentials. However, as I mentioned previously, there was no need to use Basic Authentication so I switched it to Windows.



That being the case, when the page first loads there's a call to an API that pulls data from AD and, of course, the user has to supply their Windows credentials. Later, there's a call to another API on the same domain but I'm getting prompted again for Windows credentials. So, based on what you both have said, I'm guessing that this could be avoided by changing the URL?


For example, the very first call is:


$.ajax({
type: 'GET',
url: 'https://apps.xxxxx.xxxx.gov/mercury/api/user?member=1',
dataType: 'json',
xhrFields: {
withCredentials: true
},
error: (xhr,status,error)=>{
errorHandler(xhr,status,error);
},
success: (user)=>{ ....
This call prompts the user for their network credentials.

First, I'm thinking I don't need the "withCredentials", correct? I guess it's just ignored?
But later there's a subsequent call to another API in the same domain and it looks like this:



$.ajax({
type: 'GET',
url: 'https://apps.personnel.ky.gov/kudosapi/report?member=1',
xhrFields: {
withCredentials: true
},
dataType: 'json',
error: (xhr,status,error)=>{
errorHandler(xhr,status,error);
},...
Again, I should be able to dispense with the "withCredentials" but, to avoid the

credential prompt again, what can I do to my URL to avoid that from happening?


Thanks in advance!

I'm afraid I can't read half of your post (the right half!). Maybe Jake can fix the formatting.

I just resurrected an old site of mine that uses basic authorization.