I'm getting 403 exception when I make an ajax call to jenkins api call to get the build details from Rally sdk custom html interface.
//Ajax api call to jenkins
var blink ="https://[jenkinshost]/job/Appdev/job/TestProject/api/json";
Ext.Ajax.request({
url: blink,
method :'GET',
crossDomain: true,
withCredentials: true,
headers : {
'Authorization': 'Basic dsasfsfxfhfj',
'Content-Type': 'application/json;charset=UTF-8',
},
success: function(response){
var backToJs=JSON.parse(response.responseText);
console.log('resp data-',backToJs);
//console.log(backToJs['QueryResult'].Results);
},
failure: function(response) {
console.log('jenkins-ajax call failure');
}
});
ajax call error-
Response to preflight request doesn't pass access control check: No
'Access-Control-Allow-Origin' header is present on the requested
resource. Origin 'https://rally1.rallydev.com' is therefore not
allowed access. The response had HTTP status code 403.
Add to your .htaccess file on both domains this string:
Header add Access-Control-Allow-Origin "*"
And try to find more information about cross-domain requests.
Related
i got an error when trying to access some API from web called rajaongkir api it shows an error 400 and no access control origin. it's need a header 'key' to work i already test it on postman and it works well. please help me
Code:
componentDidMount(){
const key = {
method: 'GET',
headers: { 'key': '11sss8ba9eeb9e4845c01edc3e62e62b80b', 'content-type': 'application/json' },
url: 'https://api.rajaongkir.com/starter/province'
}
axios(key).then(response => {
this.setState({ provinsi: response.data.results });
}).catch(error => {
console.log(error)
})
}
error:
Failed to load resource: the server responded with a status of 400 (Bad Request)
:8000/#/profil:1
Access to XMLHttpRequest at 'https://api.rajaongkir.com/starter/province' from origin 'http://127.0.0.1:8000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
i have tried allowing origin access and it's just removing the No "access-control.." but still got blocked by cors policy
install Allow CORS: Access-Control-Allow-Origin extension in the browser
https://chrome.google.com/webstore/detail/allow-cors-access-control/lhobafahddgcelffkeicbaginigeejlf?hl=en
Ext.Ajax.request({
url: 'https://dev-516799.oktapreview.com/api/v1/users?limit=200',
method: 'GET',
Accept: 'application/json',
'Access-Control-Allow-Origin': '*',
headers: {
'Authorization': 'SSWS Token'
'Content-Type': 'application/json',
'Access-Control-Allow-Origin': '*',
//'Access-Control-Allow-Methods': 'GET'
},
scope: this,
cleanup: function () {
view.setLoading(false);
},
success: function (response) {
}
But I am getting error as "Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource"
Access-control: Allow-Origin headers are a security feature that has to be enabled in the reply from the server, not in the request to the server.
Examples: ExtJS - Adding headers to AJAX store
In your case, you are at the mercy of Okta. They have some APIs that support CORS if you provide them with the allowed URLs, and others that don't. You cannot access Okta APIs directly from your JavaScript code unless the APIs are marked as CORS-enabled and you have added your URL to the list of CORS-enabled URLs in the Okta admin panel. If you need unmarked APIs or access from arbitrary URLs, you may have to create a wrapper in your own server backend that relays the requests from your frontend to the Okta server.
I am trying to make a request to 'https://connect.squareup.com/v2/locations' using angularjs, where call is getting failed saying 403 FORBIDDEN.
Here is the code sample :
var url = 'https://connect.squareup.com/v2/locations';
var config = {
headers: {
'Authorization': 'Bearer sandbox-sq0atb-JJGltCa375qzAyoQbjPgmg',
'Accept': 'application/json',
"X-Testing": "testing"
}
};
$http.get(url, config)
.then(
function (response) {
console.dir(response);
},
function (response) {
console.log("failed" + response)
}
);
I have made a fiddle of the above sample. Any help is appreciated.
http://jsfiddle.net/dx6tdrha/
Are you seeing this error: XMLHttpRequest cannot load https://connect.squareup.com/v2/locations. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.? It means that you cannot access the API via front-end Javascript (like AngularJS) You'll need to use a different implementation like Node.js, PHP, etc.
I am making a web app using angularjs. I am making request on elasticsearch api. This is the code:
app.controller('usersDatas', function($scope, $http){
$http.post("http://192.168.6.55:9200/userdata/_search", {headers : { 'Content-Type': 'application/x-www-form-urlencoded; charset=UTF-8' },
data: "{ 'query': { 'query_string': { 'query': 'png' } } }"
// Access-Control-Allow-Origin: true
}).success(function(data){
console.log(data);
});
});
This is error I have :
XMLHttpRequest cannot load http://192.168.6.55:9200/userdata/_search. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:9000' is therefore not allowed access.
I have added this :
http.cors:
enable: true
allow-origin: /https?:/\/\/localhost(:[0-9]+)?/
to my elasticsearch (/etc/elasticsearch/elasticesarch.yml) config. I don't know if the problem comes from elasticsearch or from angularjs.
How can I solve this ?
Thanks.
You must add in HEADER Access-Control-Allow-Origin
PHP Example:
header("Access-Control-Allow-Origin: *");
header("Content-Type: application/json; charset=UTF-8");
This is browser issue First close all the chrome browser windows ...
open terminal
sudo -i
(Your Password)
then type
google-chrome --disable-web--security
Then try the link in that url
As the title suggest, I need to pass an authorization token but when I check the network console, I'm getting a 403 because the accept and authorization isn't there. NOTE: I removed my authorization token for this example
$http({
url: 'http://api.stubhub.com/search/catalog/events/v2?title="san"',
dataType: 'json',
method: 'GET',
data: '',
headers: {
"Content-Type": 'application/json',
"Authorization": 'Bearer {token}'
}
}).success(function(response){
$scope.searchResponse = response;
}).error(function(error){
$scope.error = error;
});
This seems like correct syntax? What's wrong here?
EDIT: added the XHR screenshot
EDIT: 2. Here's my network traffic, HAR via paste bin:
http://pastebin.com/fiFngZSy
setting custom headers on XHR requests triggers a preflight request.
I bet you're seeing an OPTIONS request without the Authorization header, and a corresponding response whose Access-Control-Allow-Headers header value is not listing Authorization, or the API doesn't even allow unauthorized OPTIONS requests.
I don't know the stubhub api, but does it return CORS-compliant responses?