PDA

View Full Version : http headers added to Ajax request end up in "Access-Control-Request-Headers"



jeremym
25 Apr 2012, 7:32 AM
I'm trying to add an authorization header to an Ajax.request and the headers are ending up inside "Access-Control-Reqest-Headers"... is that the expected behavior? The server-side is acting as if the headers are missing (presumably expecting them to be at the top level as key:value pairings, as is the case with the rest of the headers). A google search revealed a similar topic related to jquery, so I'm guessing maybe this is "working as intended". My code is pretty straightforward:



Ext.Ajax.request({
url: <someurl>,

success: this.myResultCallback,
failure: this.myResultError,
scope: this,
jsonData: {
'name' : name,
'description' : desc
},
headers: {
'myheader': 'foo',//just to test that it shows up
'Authorization' : authHeader //defined above as a base 64 encoded user/pass
}
});

skirtle
26 Apr 2012, 8:11 PM
Are you trying to make an Ajax request to a server with a different origin? Sounds like you're straying into a CORS request to me.

jeremym
30 Apr 2012, 7:44 AM
I'm not entirely sure what you mean. It is a request to a different server than the one that served up the original page (though it is within the same domain).

skirtle
30 Apr 2012, 7:56 AM
The same domain isn't really relevant from the point of view of the browser's same origin policy.

Go back a couple of years and Ajax requests were not allowed to be made to a different server, you'd have had to use JSON-P instead.

Recently browsers have introduced something called CORS (cross-origin resource sharing). This is only available in certain browsers so you should be careful to assess your requirements before using it. To ensure security is maintained there are some extra restrictions on what you can and can't do. In all cases the server must be configured to return appropriate headers to allow the requests.

http://en.wikipedia.org/wiki/Same_origin_policy
http://en.wikipedia.org/wiki/Cross-origin_resource_sharing
https://developer.mozilla.org/En/HTTP_access_control

jeremym
30 Apr 2012, 8:05 AM
Thanks I'll check it out, this at least answers why the problem is occurring