I'm trying to send a cross-origin domain and adding a custom 'Authorization'-header.
Please see the code below.
Error:
XMLHttpRequest cannot load {url}. Request header field Authorization is not allowed by Access-Control-Allow-Headers.
function loadJson(from, to) {
$.ajax({
//this is a 'cross-origin' domain
url : "http://localhost:2180/api/index.php",
dataType : 'json',
data : { handler : "statistic", from : from, to : to
},
beforeSend : setHeader,
success : function(data) {
alert("success");
},
error : function(jqXHR, textStatus, errorThrown) {
alert("error");
}
});
}
function getToken() {
var cookie = Cookie.getCookie(cookieName);
var auth = jQuery.parseJSON(cookie);
var token = "Token " + auth.id + ":" + auth.key;
}
function setHeader(xhr) {
xhr.setRequestHeader('Authorization', getToken());
}
I also tried:
headers : { 'Authorization' : getToken() },
in the ajax request.
Could it be that the jquery-ajax framework is blocking cross-origin Authentification? How can I fix this?
Update:
By the way: is there a safer method to store the auth.key on client-side then in a cookie?
getToken() will be replaced with a more complex method, hashing the body, date,etc.
question from:
https://stackoverflow.com/questions/9559947/cross-origin-authorization-header-with-jquery-ajax 与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…