Search jQuery

jQuery Forum

Ajax GET Prompting for Credentials

in Using jQuery • 8 months ago

Hello:

I'm making the following Ajax call using credentials I've read from a JSON file. The credentials passed here are correct (I've verified using a debugger); however, I'm still prompted to enter them despite them being passed in the ajax call.

What am I doing wrong?

            // Load data into jsGrid
            function loadGrid() {
                $.ajax({
                    type: 'GET',
                    url: 'https://apps.xxxxxx.xx.xxx/kudosapi/report?member=1',
                    xhrFields: {
                        withCredentials: true
                    },
                    headers: {
                        'Authorization': 'Basic ' + btoa(window.creds.kudosapi.user + ':' + window.creds.kudosapi.password)
                    },                
                    dataType: 'json',
....

Replies(8)

jakecigar

Re: Ajax GET Prompting for Credentials

8 months ago

Are you getting CORS errors in the console?

Does the service really support CORS and Basic Authorization?

JΛ̊KE

jakecigar

Re: Re: Ajax GET Prompting for Credentials

8 months ago

Are you sure they support GET? Not POST??

JΛ̊KE

Steve1111..

Re: Ajax GET Prompting for Credentials

8 months ago

Thanks for the replies. I've changed the site to Windows Authentication and have avoided the problem. However, I'm still not sure why I was being prompted. It's not a CORS issue because both the API and the page calling it are on the same domain. Perhaps, Jakecigar has a point - maybe GET doesn't support passing credentials? If not, that's very frustrating and should be addressed IMHO.

jakecigar

Re: Ajax GET Prompting for Credentials

8 months ago

Don’t specify the full URL unless the origin is different from the page. To the reader it assumes you are going cross origin.

JΛ̊KE

watusiware

Re: Ajax GET Prompting for Credentials

8 months ago

withCredentials is ONLY for CORS. It is IGNORED for same-origin.

Why did you make your own Authorization header? $.ajax() supports authentication quite simply:

http://api.jquery.com/jquery.ajax/

$.ajax({

url:https://example.com

username: 'gwashington',

password: 'cherry-tree'

...

Steve1111..

Re: Ajax GET Prompting for Credentials

8 months ago

@Jake - I didn't realize that specifying the URL would cause the browser to think it was cross-origin. Thanks for the tip.

@watusiware - Likewise, I didn't realize that "withCredentials" is only for CORS. Also, I did try the username/password instead of the header but it still asked for credentials. However, as I mentioned previously, there was no need to use Basic Authentication so I switched it to Windows.

That being the case, when the page first loads there's a call to an API that pulls data from AD and, of course, the user has to supply their Windows credentials. Later, there's a call to another API on the same domain but I'm getting prompted again for Windows credentials. So, based on what you both have said, I'm guessing that this could be avoided by changing the URL?

For example, the very first call is:

$.ajax({
type: 'GET',
url: 'https://apps.xxxxx.xxxx.gov/mercury/api/user?member=1',
dataType: 'json',
xhrFields: {
withCredentials: true
},
error: (xhr,status,error)=>{
errorHandler(xhr,status,error);
},
success: (user)=>{ ....
This call prompts the user for their network credentials.

First, I'm thinking I don't need the "withCredentials", correct? I guess it's just ignored?
But later there's a subsequent call to another API in the same domain and it looks like this:

$.ajax({
type: 'GET',
url: 'https://apps.personnel.ky.gov/kudosapi/report?member=1',
xhrFields: {
withCredentials: true
},
dataType: 'json',
error: (xhr,status,error)=>{
errorHandler(xhr,status,error);
},...
Again, I should be able to dispense with the "withCredentials" but, to avoid the

credential prompt again, what can I do to my URL to avoid that from happening?

Thanks in advance!

watusiware

Re: Ajax GET Prompting for Credentials

8 months ago

I'm afraid I can't read half of your post (the right half!). Maybe Jake can fix the formatting.

Everything you "didn't know" is in the documentation:

http://api.jquery.com/jquery.ajax/

I have some doubt now about your assurance that it is not cross-domain. But... I cannot guess the URL the page was loaded from!

example.com/some-page

someotherdomain.com/some-api/some-api-endpoint

are, of course, cross-domain.

But:

example.com/some-page

apps.example.com/some-api/some-api-endpoint

IS cross-domain as well! example.com and apps.example.com are NOT the same domain.

Please make sure you understand CORS.

https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS

----

I don't know anything about "Windows Authentication" as it relates to web browsers. I did a quick Google search, and you might need to enable some option in Chrome or Firefox.

Maybe your server doesn't support Basic authentication.

jakecigar

Re: Ajax GET Prompting for Credentials

8 months ago

I just resurrected an old site of mine that uses basic authorization.

The first ajax sends Authorization.

$.ajax
({
type: "GET",
url: "subSite/",
headers: {
"Authorization": "Basic " + btoa("xxx" + ":" + "yyy")
},
success: console.log,
error:console.error,
complete:console.info
});

There is a problem with making GET requests. You can still GET old requests. You need to add

cache: false,

JΛ̊KE

Top Reply

Response title

Attachments

jQuery Forum

Ajax GET Prompting for Credentials

Replies(8)

Re: Ajax GET Prompting for Credentials

Re: Re: Ajax GET Prompting for Credentials

Re: Ajax GET Prompting for Credentials

Re: Ajax GET Prompting for Credentials

Re: Ajax GET Prompting for Credentials

Re: Ajax GET Prompting for Credentials

Re: Ajax GET Prompting for Credentials

Re: Ajax GET Prompting for Credentials

Statistics

Tags

Actions