jQuery AJAX Header Authorisation

Asked 18/7, 2012 at 11:18 Answered 19/9, 2014 at 20:24

I'm trying to authorise an AJAX query based on this tutorial. It sets the request headers before send with the appropriate authorisation information by using the Crypto library. The problem I'm having is that headers don't seem to be set on request. Here's my code:

beforeSend : function(xhr) {
  var bytes = Crypto.charenc.Binary.stringToBytes(username + ":" + password);
  var base64 = Crypto.util.bytesToBase64(bytes);
  xhr.setRequestHeader("Authorization", "Basic " + base64);
},

Ricky answered 18/7, 2012 at 11:18 Comment(3)

What makes you think the header is not set? Have you inspect the actual xhr call? Could either Crypto, username or password be set to undefined? You could also use curl and set the header (-H) and see if isn't a server side problem. BTW, I'm the one who wrote that blog post ;-) – Siva 18/7, 2012 at 18:37

I'm writing the xhr call to the log, what am I looking for within the object? I've checked and all 3 are defined correctly. What's currently happening is I'm getting a 401 unauthorised error for obvious reasons. That's good to know, good post. – Ricky 19/7, 2012 at 9:14

with Chrome, if you open the Developer Tools and you select the Network tab and then XHR element in the bottom list, you can inspect the actual ajax requests, its content, the headers and all. – Siva 19/7, 2012 at 20:26

The issue was not setting the dataType to JSONP. As this was not done the browser interpreted the call as a standard AJAX request which meant it was being blocked under same-origin-policy.

Working code for reference (credit goes to @pdeschen for suggesting Crpyto):

<script type='text/javascript'>
// define vars
var username = '';
var password = '';
var url = '';

// ajax call
$.ajax({
    url: url,
    dataType : 'jsonp',
    beforeSend : function(xhr) {
      // generate base 64 string from username + password
      var bytes = Crypto.charenc.Binary.stringToBytes(username + ":" + password);
      var base64 = Crypto.util.bytesToBase64(bytes);
      // set header
      xhr.setRequestHeader("Authorization", "Basic " + base64);
    },
    error : function() {
      // error handler
    },
    success: function(data) {
        // success handler
    }
});
</script>

Ricky answered 23/7, 2012 at 9:31 Comment(2)

You can also encode the username and password to base64 with btoa(username+":"+password) – Ossie 25/1, 2016 at 9:37

@DanielHigueras Nice! Didn't know about this function, [looks like it's only available in IE 10+], but hey.. screw IE 😉 – Ricky 25/1, 2016 at 11:13

This finally seems to work for me. There could be collisions on an individual call basis. Sets this method as a default for future connection options.

//Function( jqXHR jqXHR )
$.ajaxSetup( {beforeSend: function(jqXHR) {
    jqXHR.setRequestHeader( "My-Header", "My-Value" );
} } );

Burp answered 19/9, 2014 at 20:24 Comment(1)

It seems that ajaxSetup no longer exists, so I used ajaxSend: $(document).ajaxSend(function(e, xhr, settings) { xhr.setRequestHeader("Authorization", "mytoken"); });. See api.jquery.com/ajaxSend – Proparoxytone 9/3, 2015 at 18:56

Recommended topics

Hot tags