Home/ Questions/Q 8016653
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-04T20:35:52+00:00

I configures my Jetty server to allow cross domain http requests (allowedOrigins = *)

  • 0

I configures my Jetty server to allow cross domain http requests (allowedOrigins = *) and also to allow cross domain authentication (allowCredentials=true) using its CrossOriginFilter.
Cross domain http requests without authentication requirement work ok. Now when it comes to http calls that require authentication It doesn’t work out using JQuery. I use the following code and followed this example: http://www.aswinanand.com/2009/01/http-basic-authentication-using-ajax/

function login(username, password) {
$.ajax({
    type: "GET",
    contentType: "application/json",
    dataType: "json",
    url: url,
    beforeSend: function(xhr) {
        var base64 = Base64.encode(username + ":" + password);
        xhr.setRequestHeader("Authorization", "Basic " + base64);
        xhr.withCredentials = true;
    },
    error: function(data){
        alert("error");
    },
    success: function(data){
        alert("success"); 
    }
});

In HTTPFox i see the following request to the server:

OPTIONS /login HTTP/1.1
...
Access-Control-Request-Method   GET
Access-Control-Request-Headers  authorization,content-type

The server responds with a 

HTTP/1.1 204 No Content
...
Allow   OPTIONS,GET,HEAD

I also used the options below, which doesnt make a difference.

$.ajax({
    ...
    username: username,
    password: password,
    ...
}

The error function always fires.
Anybody an idea what the problem could be?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    As the default allowed headers are

    X-Requested-With,Content-Type,Accept,Origin

    I had to add the headers

    authorization,content-type

    Found this via the log file

    DEBUG [2012-05-27 17:04:02,468] org.eclipse.jetty.servlets.CrossOriginFilter: Headers [authorization,content-type] are not among allowed headers [X-Requested-With, Content-Type, Accept, Origin]

    Thanks for all the hints!

    • 0