How to resolve the CORS issue while calling the RTC REST API via an AJAX request?
I want to add a feature in my web application where I can add comments to an RTC work item dynamically via a JavaScript AJAX call. RTC provides the REST API for adding the comment. When I use the REST client add-on in my Firefox browser, I am able to achieve this; however, when I try to run my AJAX code, it gives me the CORS issue (Cross-Origin Request Blocked). I already tried the methods suggested to enable CORS.
When I debugged it, I found that the problem is due to the response header X-com-ibm-team-repository-web-auth-msg which is being passed in the response of the preflight (OPTIONS) request and then there is a 304 redirect to the authentication page. And my actual POST request is never reached.
X-com-ibm-team-repository-web-auth-msg: authrequired
As per the W3 specifications of the preflight request, the cookies are not sent with the preflight request, so there is no way to prevent the redirection in the preflight OPTIONS request because of the authentication problem.
Is there any way I can prevent the preflight request? That is, when I make an AJAX call to the RTC REST API, the browser directly sends the POST request without sending an OPTIONS request before it.
I do not want to create a Web server Proxy to achieve this.
One answer
Use the function below to log in:
    authorize : function(callback) {
        contentComment.showLoading();
        var xhr = contentComment.createXMLHttpRequest();
        // Must visit this URL first; 'false' makes the request synchronous.
        xhr.open('POST', contentComment.OSLC_CONTENT_TYPES.SERVICE_URL
                + '/authenticated/identity', false);
        xhr.onload = function(e) {
            if (xhr.readyState == 4 && xhr.status == 200) {
                // Second step: post the credentials to the form-login endpoint.
                var xhrX = contentComment.createXMLHttpRequest();
                xhrX.open('POST', contentComment.OSLC_CONTENT_TYPES.SERVICE_URL
                        + '/authenticated/j_security_check', false);
                xhrX.setRequestHeader('Content-Type',
                        'application/x-www-form-urlencoded;charset=UTF-8');
                xhrX.setRequestHeader("X-Requested-With", "XMLHttpRequest");
                xhrX.setRequestHeader("Cache-Control",
                        "no-cache,no-store,must-revalidate");
                xhrX.setRequestHeader("Pragma", "no-cache");
                xhrX.setRequestHeader("Expires", "-1");
                // xhr.setRequestHeader("X-jazz-downstream-auth-client-level","4.0");
                xhrX.onload = function(e) {
                    if (xhrX.readyState == 4 && xhrX.status == 200) {
                        // The login request completed; the server reports the
                        // outcome in this response header.
                        var authrequired = xhrX
                                .getResponseHeader("X-com-ibm-team-repository-web-auth-msg");
                        if (authrequired == "authrequired") {
                            contentComment.hideLoading();
                            contentComment
                                    .showLoginFormMessage("please log in");
                        } else if (authrequired == "authfailed") {
                            contentComment.hideLoading();
                            contentComment
                                    .showLoginFormMessage("please check your username and password");
                        } else {
                            // Logged in: continue with the caller's request.
                            if (callback) {
                                callback.call(this);
                            }
                        }
                    }
                };
                xhrX.onerror = function() {
                    contentComment.hideLoading();
                };
                // URL-encode the credentials so characters such as '&' or '='
                // cannot break or alter the form body.
                xhrX.send("j_username=" + encodeURIComponent(contentComment.userName)
                        + "&j_password=" + encodeURIComponent(contentComment.passWord));
            } else if (xhr.readyState == 4) {
                contentComment.hideLoading();
                contentComment.showLoginFormMessage("connect to RTC error");
            }
        };
        xhr.onerror = function() {
            contentComment.hideLoading();
        };
        xhr.ontimeout = function() {
            contentComment.hideLoading();
        };
        xhr.send();
    }