the following code works just fine:
$.ajax({
type: 'POST',
url: baseUrl+"/users",
data: data,
});
However, if I add an Authorization header:
$.ajax({
type: 'POST',
url: baseUrl+"/users",
data: data,
headers: {
Authorization: clientAuth,
},
});
Then I get the following error:
XMLHttpRequest cannot load http://0.0.0.0:8080/users. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://0.0.0.0:9000' is therefore not allowed access. (this is in chrome, but I get a similar error in firefox).
What is weird is that my server is configured to handle CORS, Access-Control-Allow-Origin IS set! Look at the OPTIONS request/response:
In case it helps, here is the CURL for both requests:
options:
curl 'http://0.0.0.0:8080/users' -X OPTIONS -H 'Access-Control-Request-Method: POST' -H 'Origin: http://0.0.0.0:9000' -H 'Accept-Encoding: gzip,deflate,sdch' -H 'Accept-Language: en-US,en;q=0.8' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/34.0.1847.116 Chrome/34.0.1847.116 Safari/537.36' -H 'Accept: */*' -H 'Referer: http://0.0.0.0:9000/' -H 'Connection: keep-alive' -H 'Access-Control-Request-Headers: accept, authorization, content-type' --compressed
post:
curl 'http://0.0.0.0:8080/users' -H 'Accept: */*' -H 'Referer: http://0.0.0.0:9000/' -H 'Origin: http://0.0.0.0:9000' -H 'Authorization: YXBwRnJldGlzdGE6cGFzc3dvcmQ=' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/34.0.1847.116 Chrome/34.0.1847.116 Safari/537.36' -H 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' --data 'grant_type=bearer&username=vitor%40freta.la&password=123456' --compressed
Why am I getting this error? I can't even tell if the problem is client or server-side, because I am sending all the headers needed for CORS requests! Any help will be appreciated! Thanks!
