@Jake - I didn't realize that specifying the URL would cause the browser to think it was cross-origin. Thanks for the tip.
@watusiware - Likewise, I didn't realize that "withCredentials" is only for CORS. Also, I did try the username/password instead of the header but it still asked for credentials. However, as I mentioned previously, there was no need to use Basic Authentication so I switched it to Windows.
That being the case, when the page first loads there's a call to an API that pulls data from AD and, of course, the user has to supply their Windows credentials. Later, there's a call to another API on the same domain but I'm getting prompted again for Windows credentials. So, based on what you both have said, I'm guessing that this could be avoided by changing the URL?
For example, the very first call is:
$.ajax({
type: 'GET',
url: '
https://apps.xxxxx.xxxx.gov/mercury/api/user?member=1', dataType: 'json',
xhrFields: {
withCredentials: true
},
error: (xhr,status,error)=>{
errorHandler(xhr,status,error);
},
success: (user)=>{ ....
This call prompts the user for their network credentials.
First, I'm thinking I don't need the "withCredentials", correct? I guess it's just ignored?
But later there's a subsequent call to another API in the same domain and it looks like this:
$.ajax({
type: 'GET',
url: '
https://apps.personnel.ky.gov/kudosapi/report?member=1', xhrFields: {
withCredentials: true
},
dataType: 'json',
error: (xhr,status,error)=>{
errorHandler(xhr,status,error);
},...
Again, I should be able to dispense with the "withCredentials" but, to avoid the
credential prompt again, what can I do to my URL to avoid that from happening?
Thanks in advance!