Question

158

jquery $.ajax call results in 401 unauthorized response when in Chrome or Firefox, but works in IE

rated 0 times [ 164] [ 6] / answers: 1 / hits: 41895 / 9 Years ago, tue, april 21, 2015, 12:00:00

I have a script running on a web page that needs to use the JQuery $.ajax method (currently using jquery 1.7.2) to submit several GET requests to a service endpoint on a different domain. I have the ajax call working in IE (9, 10, 11), but it fails with a 401 Unauthorized response in Firefox and Chrome. Part of the additional error message in Chrome is Full authentication is required to access this resource.

My ajax call is setup like this (dataType is json for these requests that fail, and async is true):

    $.ajax({

      url: url,

      type: GET,

      async: isAsync,

      dataType: dataType,

      username: user,

      password: pswd,

      success: function (response, status) {

         // success code here

      },

      failure: function (response, status) {

         // failure code here

      },

      complete: function (xhr, status) {

         // on complete code here

      }

   });

I am passing in the username and password required to access the service and this works in IE. I was understanding that the JQuery ajax function would handle the authentication correctly, so if a response comes back indicating that authorization is required, it would use the credentials that were provided to make that request correctly. Am I missing something here? Do I need to manually add the Authorization header for this to work?

UPDATE:
Here is the request, response, and cookie info reported by Chrome and IE via the F12 debugging tools (some info replaced with [...removed...])

Chrome (42.0.2311.90 m)

Response Headers

access-control-allow-credentials:true
access-control-allow-origin:[...removed...]
access-control-expose-headers:
cache-control:private,max-age=0,must-revalidate connection:keep-alive
content-encoding:gzip content-length:296
content-type:text/html;charset=ISO-8859-1 date:Tue, 21 Apr 2015
20:55:12 GMT expires:Tue, 21 Apr 2015 20:55:12 GMT p3p:CP=NON DSP COR
CURa PSAa PSDa OUR NOR BUS PUR COM NAV STA
set-cookie:JSESSIONID=qd-app-1348vf1vrksvc76oshcwirvjp.qd-app-13;Path=/;Secure;HttpOnly
set-cookie:NSC_vt1.sbmmzefw.dpn!-!IUUQT=ffffffff09091c3945525d5f4f58455e445a4a42378b;path=/;secure;httponly
status:401 Unauthorized vary:Accept-Encoding version:HTTP/1.1
www-authenticate:Basic realm=Rally ALM

Request Headers

:host:rally1.rallydev.com :method:GET :path:[...removed...]
:scheme:https :version:HTTP/1.1 accept:application/json,
text/javascript, /; q=0.01 accept-encoding:gzip, deflate, sdch
accept-language:en-US,en;q=0.8 origin:[...removed...]
referer:[...removed...] user-agent:Mozilla/5.0 (Windows NT 6.1; WOW64)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.90
Safari/537.36

Response Cookies

JSESSIONID qd-app-1348vf1vrksvc76oshcwirvjp.qd-app-13
NSC_vt1.sbmmzefw.dpn!-!IUUQT
ffffffff09091c3945525d5f4f58455e445a4a42378b

IE 11

Request Headers

Request GET [...removed...] Referer [...removed...] Accept

application/json, text/javascript, /; q=0.01 Accept-Language en-US
Accept-Encoding gzip, deflate User-Agent Mozilla/5.0 (Windows NT
6.1; WOW64; Trident/7.0; rv:11.0) like Gecko Host [...removed...] Connection Keep-Alive Cache-Control no-cache Cookie

JSESSIONID=qd-app-08xmftgye78tde1b0wzcl2kit4m.qd-app-08;
NSC_vt1.sbmmzefw.dpn!-!IUUQT=ffffffff09091c3145525d5f4f58455e445a4a42378b;
RALLY-Detail-treeCollapsed=false;
ZSESSIONID=RpKo5acfRqmjPhW0vIU1rgurWmDhlka0lrGCY9MIWhU;
SUBBUCKETID=713

Response Headers

Response HTTP/1.1 200 OK RallyRequestID
qd-app-08xmftgye78tde1b0wzcl2kit4m.qd-app-0810353108 Expires Thu, 01
Jan 1970 00:00:00 GMT Content-Type text/javascript; charset=utf-8
ETag 0101c2c8d3463ee3c1a4f950d4142b7d3 P3P CP=NON DSP COR CURa
PSAa PSDa OUR NOR BUS PUR COM NAV STA Cache-Control
private,max-age=0,must-revalidate Date Tue, 21 Apr 2015 20:58:17 GMT
Connection keep-alive Set-Cookie
ZSESSIONID=RpKo5acfRqmjPhW0vIU1rgurWmDhlka0lrGCY9MIWhU;Path=/;Domain=[...removed...];Secure;HttpOnly
Set-Cookie
SUBBUCKETID=713;Path=/;Domain=[...removed...];Secure;HttpOnly
Content-Length 319

Cookies

Sent JSESSIONID qd-app-08xmftgye78tde1b0wzcl2kit4m.qd-app-08

Sent NSC_vt1.sbmmzefw.dpn!-!IUUQT
ffffffff09091c3145525d5f4f58455e445a4a42378b Sent
RALLY-Detail-treeCollapsed false Sent ZSESSIONID
RpKo5acfRqmjPhW0vIU1rgurWmDhlka0lrGCY9MIWhU Sent
SUBBUCKETID 713 Received ZSESSIONID
RpKo5acfRqmjPhW0vIU1rgurWmDhlka0lrGCY9MIWhU At end of session
[...removed...] / Yes Yes Received SUBBUCKETID 713 At end of
session [...removed...] / Yes Yes

Answers

Only authorized users can answer the question. Please sign in first, or register a free account.

devonw

Add To Favorites

Follow

Total Points: 311

Total Questions: 116

Total Answers: 111

Location: Senegal

Member since Fri, Aug 21, 2020

4 Years ago

devonw questions

1 How to set up Vue 3 parent component to emit event to child component

Thu, Apr 21, 22, 00:00, 2 Years ago

1 How to update item quantity in the shopping cart using React Redux

Wed, Jul 21, 21, 00:00, 3 Years ago

1 TypeError: request.getHeader is not a function

Wed, Jul 21, 21, 00:00, 3 Years ago

1 Updating one of the Formik initial values with state resets all other values

Thu, Feb 25, 21, 00:00, 3 Years ago

1 PM2 - Incorrect memory usage reading & possible memory leak with Node.js application

Wed, Dec 25, 19, 00:00, 5 Years ago

View All

answered 9 Years ago gerardamosy · Accepted Answer

I came across a jquery forum post that had some additional information regarding this issue. Based on what I found there, I added this to the $.ajax call:

  beforeSend: function (xhr) {

     xhr.setRequestHeader('Authorization', makeBaseAuth(user, pswd));

  }

where makeBaseAuth() uses the btoa() function like this:

   makeBaseAuth: function(user, pswd){ 

      var token = user + ':' + pswd;

      var hash = ;

      if (btoa) {

         hash = btoa(token);

      }

      return Basic  + hash;

   }

That appears to be working in Chrome now, I'm not getting a login prompt or a 401 response, the request is going through and I get the expected response. I also removed the option xhrFields: { withCredentials: true } as that didn't appear to be necessary. For some reason this isn't working in Firefox yet, and in the Firefox debugger I can't actually get at the javascript to do any decent debugging to see what the problem is, the way this script works is its loaded into a web page as an anonymous script and I don't have any control over that. I have a way to get at the script in IE and Chrome, but not Firefox for some reason. I'll consider this a win just getting it to work in Chrome, thanks to everyone for prodding me in the right direction!