How to resolve the CORS issue while calling RTC Rest API via AJAX request?


Priyanka Jain (611) | asked Jan 08 '15, 4:51 a.m.
I want to add a feature in my web application where I can add comments to an RTC work item dynamically via a JavaScript AJAX call. RTC provides the REST API for adding the comment. When I use the REST client add-on in my Firefox browser, I am able to achieve this; however, when I try to run my AJAX code, it gives me the CORS issue (Cross Origin request blocked). I already tried the methods suggested to enable CORS.

When I debugged it, I found that the problem is due to the response header X-com-ibm-team-repository-web-auth-msg, which is being passed in the response of the preflight (OPTIONS) request, and then there is a 304 redirect to the authentication page. My actual POST request is never reached.
X-com-ibm-team-repository-web-auth-msg: authrequired
As per the W3 specifications of the preflight request, the cookies are not sent with the preflight request, so there is no way to prevent the redirection in the preflight OPTIONS request because of the authentication problem.

Is there any way I can prevent the preflight request? That is, when I make an AJAX call to the RTC REST API, the browser directly sends the POST request without sending an OPTIONS request before it.

I do not want to create a Web server Proxy to achieve this.


One answer



tong yulong (647) | answered Jan 22 '15, 8:39 a.m.
JAZZ DEVELOPER
Use the function below to log in:

    // Method of the contentComment object: log in to RTC, then run the callback.
    authorize : function(callback) {
        contentComment.showLoading();
        var xhr = contentComment.createXMLHttpRequest();
        // must visit this url first
        xhr.open('POST', contentComment.OSLC_CONTENT_TYPES.SERVICE_URL
                + '/authenticated/identity', false);
        xhr.onload = function(e) {
            if (xhr.readyState == 4 && xhr.status == 200) {
                // Second request: submit the login form
                var xhrX = contentComment.createXMLHttpRequest();
                xhrX.open('POST', contentComment.OSLC_CONTENT_TYPES.SERVICE_URL
                        + '/authenticated/j_security_check', false);
                xhrX.setRequestHeader('Content-Type',
                        'application/x-www-form-urlencoded;charset=UTF-8');
                xhrX.setRequestHeader("X-Requested-With", "XMLHttpRequest");
                xhrX.setRequestHeader("Cache-Control",
                        "no-cache,no-store,must-revalidate");
                xhrX.setRequestHeader("Pragma", "no-cache");
                xhrX.setRequestHeader("Expires", "-1");
                // xhr.setRequestHeader("X-jazz-downstream-auth-client-level","4.0");
                xhrX.onload = function(e) {
                    if (xhrX.readyState == 4 && xhrX.status == 200) {
                        // log on success
                        var authrequired = xhrX
                                .getResponseHeader("X-com-ibm-team-repository-web-auth-msg");
                        if (authrequired == "authrequired") {
                            contentComment.hideLoading();
                            contentComment
                                    .showLoginFormMessage("please log in");
                        } else if (authrequired == "authfailed") {
                            contentComment.hideLoading();
                            contentComment
                                    .showLoginFormMessage("please check your username and password");
                        } else {
                            if (callback) {
                                callback.call(this);
                            }
                        }
                    }
                };
                xhrX.onerror = function() {
                    contentComment.hideLoading();
                };
                // URL-encode the credentials so special characters do not corrupt the form body
                xhrX.send("j_username=" + encodeURIComponent(contentComment.userName)
                        + "&j_password=" + encodeURIComponent(contentComment.passWord));
            } else if (xhr.readyState == 4) {
                contentComment.hideLoading();
                contentComment.showLoginFormMessage("connect to RTC error");
            }
        };
        xhr.onerror = function() {
            contentComment.hideLoading();
        };
        xhr.ontimeout = function() {
            contentComment.hideLoading();
        };
        xhr.send();
    }
