i just tried the jira authentication API for cookies in postman and it worked perfectly fine. i got the cookie with the session ID which i used in other API calls.
But when i tried the exact same POST call in angularjs,it didn't work at all.
code for angular js $http call
$http({
method: "POST",
url: "http://gsd.company.com/jira/rest/auth/1/session",
data:JSON.stringify({"username": "user#company.com", "password": "passwordrandom"}),
headers:{
"Content-Type": "application/json"
}
}).then(function successCallback(response){
console.log(response);
},function errorCallback(response){
console.log("err");
console.log(response);
});
and i get the following error on the console
XMLHttpRequest cannot load
http://gsd.company.com/jira/rest/auth/1/session. Response for preflight is invalid (redirect)
I've tried nearly every solution out there like setting access headers in the client call but nothing works. Thanks in advance?
it should simply be
data:{""username": "user#company.com", "password": "passwordrandom"}
Related
I have an account on Napster developers. And, I made an app, and I got an api key. According to Napster documents Here is what I send as a GET request over UPC.
function getByUpc() {
console.log("getByUpc is called ...");
return $http({
method: 'GET',
url: 'http://api.napster.com/v2.2/albums/upc/602498619070',
headers: {
'Authorization': 'BASIC my-apikey'
}
}).then(handleSuccess, handleError('Error getting user by id'))
}
I changed BASIC to Bearer, but I also get a same result (401 error).
Also, I tried to put apikey as a query string but I get 403 error.
Any suggestion?
http://api.napster.com/v2.2/albums/upc/602498619070?apikey=MY-APIKEY
I have one api which is being called from Angularjs from front end, when API hit from post-man it is taking hardly 1 sec to send response, but when it is being called from chrome browser, it leads to hangs it up and Aw, Snap! page.
we are using remote desktop, upon which only chrome is running with a single tab.
Any thoughts we this is happing to us, since api is fine with postman returning a response within 1 sec.
Sample Code of Angular service method, which send the response to controller,
this.getData() = function(chartJson) {
return $http({
method: "POST",
url: "api/xxxxxxxx/xxxxxxxx",
headers: { 'Content-Type': "Application/json" },
data: chartJson
});
};
In controller, we access this above method like,
this.getData()
.then(function(response){
console.log(response);
}, function(error){
console.log('Error '+error);
});
Thanks in advance.
Here is the call I make the Parse.com's API to login the user:
var deferred = $q.defer();
$http({
method: "GET",
url: "https://api.parse.com/1/login",
headers: {
"X-Parse-Application-Id": PARSE_CREDENTIALS.APP_ID,
"X-Parse-REST-API-Key": PARSE_CREDENTIALS.REST_API_KEY,
"Content-Type": "application/json"
},
data: {
"username": credentials.username.toLowerCase(),
"password": credentials.password
}
}).success(function(data) {
deferred.resolve(data);
}).error(function() {
deferred.reject("error")
});
return deferred.promise;
When I trigger this Angular service method, I get the following error in my console:
XMLHttpRequest cannot load https://api.parse.com/1/login. Request header field Access-Control-Allow-Headers is not allowed by Access-Control-Allow-Headers.
I'm not sure how to resolve this. Here are the current contents of the common headers object for my Angular app:
Object {Accept: "application/json, text/plain, */*", Access-Control-Allow-Headers: "origin, content-type, accept"}
I implement the $http service almost exactly the same for my custom classes without error. The only difference is the URL. Can anyone provide an answer as to why I am getting this error?
EDIT: From this other question, I've gathered that the header field error is the result of the header in the Parse.com response, not in my request. But I am not sure how to proceed now.
EDIT 2: Attached is an image of the HTTP request and response headers that I get when I ping the login API URL.
Are you setting these headers for all http requests somewhere in your angular app?
I'm not sure how to resolve this. Here are the current contents of the
common headers object for my Angular app:
Object {Accept: "application/json, text/plain, */*", Access-Control-Allow-Headers: "origin,
These should come from the server only (response headers), so if they are being set somewhere in the request, then the server would error due to extra headers it was not expecting.
So here is the relevant part of the documentation from AngularJS about using the $http dependency.
params – {Object.<string|Object>} – Map of strings or objects which will be turned to ?key1=value1&key2=value2 after the url. If the value is not a string, it will be JSONified.
data – {string|Object} – Data to be sent as the request message data.
So I conflated params with data. Parse.com expects an URL-parameterized string of the username and password. My confusion was partly because I thought there was a mismatch of request and response headers. But this was not the case.
var deferred = $q.defer();
$http({
url: "https://api.parse.com/1/login",
headers: {
"X-Parse-Application-Id": PARSE_CREDENTIALS.APP_ID,
"X-Parse-REST-API-Key": PARSE_CREDENTIALS.REST_API_KEY,
"Content-Type": "application/json; charset=utf-8"
},
params: {
"username": credentials.username.toLowerCase(),
"password": credentials.password
}
}).success(function(data, status, headers, config) {
deferred.resolve(data);
}).error(function(data, status, headers, config) {
deferred.reject("error")
});
Additional note: For any Angular developers out there who are concerned about the security of user credentials, you will need to set up SSL for your site to ensure that this data does not fall victim to a man-in-the-middle attack. For information on how to set up SSL with Parse.com, read this article.
If, you do not want to pay for an SSL certificate as DigiCert prescribes (e.g. this app is not for customers, but for internal purposes), check out this article for information on how to create your own SSL certificate and save yourself +$100/year.
My http response contains the headers Authentication (as mentioned here: Authentication:76efbc0946773b62c93e952b502a47acd898200f6f80dc46ac87ffc501c00780) when I inspect the request with the inspector, but a call to headers("Authentication") returns null
return $http({
method: "GET",
url: url,
headers: {
'Content-Type': "application/json"
}
}).success(function (data, status, headers, config) {
console.log(headers("Authentication"));
})
Do you have any idea about what I could be doing the wrong way ?
FYI, i've tried to switch it back to a "promise" way, with .then, and the issue is still the same.
Your code looks good but if it's a CORS request the server needs to include Access-Control-Expose-Headers: {any custom headers} in the response.
There's a previous question/answer with more details: Reading response headers when using $http of Angularjs
In success callback put :
console.log(headers('content-type'));
console.log(headers()); // All headers
I think the first line return a result in your cas.
In the seconde, have you got the 'Authentication' ?
The custom headers will be visible in same domain. In crossdomain case, you need to send Access-Control-Expose-Headers: Authentication, ... header from server.
As the title suggest, I need to pass an authorization token but when I check the network console, I'm getting a 403 because the accept and authorization isn't there. NOTE: I removed my authorization token for this example
$http({
url: 'http://api.stubhub.com/search/catalog/events/v2?title="san"',
dataType: 'json',
method: 'GET',
data: '',
headers: {
"Content-Type": 'application/json',
"Authorization": 'Bearer {token}'
}
}).success(function(response){
$scope.searchResponse = response;
}).error(function(error){
$scope.error = error;
});
This seems like correct syntax? What's wrong here?
EDIT: added the XHR screenshot
EDIT: 2. Here's my network traffic, HAR via paste bin:
http://pastebin.com/fiFngZSy
setting custom headers on XHR requests triggers a preflight request.
I bet you're seeing an OPTIONS request without the Authorization header, and a corresponding response whose Access-Control-Allow-Headers header value is not listing Authorization, or the API doesn't even allow unauthorized OPTIONS requests.
I don't know the stubhub api, but does it return CORS-compliant responses?