AnsweredAssumed Answered

Anyone know how to allow REST from a Browser-based App that sends CORS Options?

Question asked by rwill on Jun 26, 2014
Latest reply on Mar 18, 2016 by Scott_Owens

I am trying to write a browser-based app and making a REST call to PAM using JQuery. It seems my request begins first with a pre-flight Options packet before the HTTP Post. This is rejected by PAM with a 401, unauthorized. Is there a way to make this work?

 

CORS: HTTP access control (CORS) - HTTP | MDN

 

First packet sent from browser:

 

OPTIONS /node/rest/CA:00074_CA:00074:01/_ops/Start HTTP/1.1

Host: 10.56.127.54:7000

Connection: keep-alive

Access-Control-Request-Method: POST

Origin: file://

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36

Access-Control-Request-Headers: accept, authorization, content-type

Accept: */*

Accept-Encoding: gzip,deflate,sdch

Accept-Language: en-US,en;q=0.8

 

Reply from PAM:

 

HTTP/1.1 401 Unauthorized

Accept: */*

Accept-Encoding: gzip,deflate,sdch

Accept-Language: en-US,en;q=0.8

Access-Control-Request-Headers: accept, authorization, content-type

Access-Control-Request-Method: POST

Content-Length: 0

Content-Type: null

Host: 10.56.127.54:7000

Origin: file://

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36

WWW-Authenticate: Basic realm= Catalyst Realm

Server: Jetty(8.1.10.v20130312)

 

Any help or ideas welcome.

 

Rick

Outcomes