CORS and Basic authentication, error 401

username1 · September 3, 2018, 2:58pm

Hello,

Here is my web.xml file:

And I try to set a GET request from my application with the following headers

'Content-Type': 'application/json',
'Authorization': "Basic ZGVtbzpkZW1v",
'Cache-Control': "no-cache"

to http://localhost:8080/engine-rest/user

I traced my request using Postman. Here are the headers in the request:

[{“key”:“Access-Control-Request-Method”,“value”:“GET”,“description”:“”},{“key”:“Origin”,“value”:“http://evil.com/“,“description”:””},
{“key”:“X-DevTools-Emulate-Network-Conditions-Client
Id”,“value”:“6B279966ED84E2BE5D06B4F083711A81”,“description”:“”},
,{“key”:“Access-Control-Request-Headers”,“value”:“authorization,cache-control,content-type”,“description”:“”},{“key”:“Accept”,“value”:“/”,“description”:“”},
{“key”:“Accept-Encoding”,“value”:“gzip, deflate, br”,“description”:“”}
,{“key”:“Accept-Language”,“value”:“en-US,en;q=0.9”,“description”:“”},
{“key”:“Authorization”,“value”:“Basic ZGVtbzpkZW1v”,“description”:“”}]

If I add an Authorisation header I can send the request. But normally the Options shouldn’t use authorisation, right ? Otherwise I get the error 401 Unauthorize.

How can I make the CROS work, without using a proxy ?

Wojciech_Pitula · December 10, 2018, 8:26am

I have the same issue. Maybe someone has a solution?

Ilya_Malyarenko · December 12, 2018, 5:44pm

Hi,

As one of the options, try running Chrome in a CORS-ignorance mode:

chrome.exe --args --disable-web-security --user-data-dir=“C:/<your_data_dir>” --disable-web-security

Best regards,
Ilya