This behavior is caused by the custom headers I have to use. This will force the browser to make a so called preflight-request as discussed at https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS In my case this only can be handled with a rewrite-rule in apache-conf, that alwais answers an OPTIONS-Request with status 200: <IfModule rewrite_module> # Added a rewrite to respond with a 200 SUCCESS on every OPTIONS request RewriteEngine On RewriteCond %{REQUEST_METHOD} OPTIONS RewriteRule ^(.*)$ $1 [R=200,L] </IfModule>
Am Freitag, 16. Dezember 2016 10:08:16 UTC+1 schrieb Arne v.Irmer: > > Hi Elias, > please help me and give me a hint *how to send a get-request with basic > authentication to a REST-WS endpoint in Angular 2*. > I have the same problems trying to get a list of tasks from a comunda > RESTful-Webservice that is protected via basic authentication. (See > documentation here > https://docs.camunda.org/manual/7.6/reference/rest/overview/authentication/ > ) > > Just to explain, what I want to do, I give you the curl-call that works > perfect: > curl --user john:john http://localhost:8080/engine-rest/task > > Now I try to do it with Angular 2 > public model = { > 'account' : "john", > 'password' : "john" > }; > > getTasks(){ > let headers = new Headers(); > this.createAuthorizationHeader(headers); > > let options = new RequestOptions({ headers: headers }); > > return this.http > .get( > "http://localhost:8080/engine-rest/task";, > options > ) > .map(response => response.json()).subscribe( > (taskNumber:number) => this.numberOfTasks=taskNumber, > (err) => console.log(err), > () => console.log(this.numberOfTasks) > ); > } > > createAuthorizationHeader(headers: Headers) { > headers.append('Authorization', 'Basic ' + > btoa(`${this.model.account}:${this.model.password}`)); > } > > > with Angular I got an 401 as response. > Sniffing the Requests I see the problem: > > Hypertext Transfer Protocol > OPTIONS /engine-rest/task HTTP/1.1\r\n > [Expert Info (Chat/Sequence): OPTIONS /engine-rest/task > HTTP/1.1\r\n] > [OPTIONS /engine-rest/task HTTP/1.1\r\n] > [Severity level: Chat] > [Group: Sequence] > Request Method: OPTIONS > Request URI: /engine-rest/task > Request Version: HTTP/1.1 > Host: localhost:8080\r\n > Connection: keep-alive\r\n > Access-Control-Request-Method: GET\r\n > Origin: http://evil.com/\r\n > User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, > like Gecko) Chrome/55.0.2883.75 Safari/537.36\r\n > Access-Control-Request-Headers: authorization\r\n > Accept: */*\r\n > Referer: http://localhost:4200/login\r\n > Accept-Encoding: gzip, deflate, sdch, br\r\n > Accept-Language: de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4\r\n > \r\n > [Full request URI: http://localhost:8080/engine-rest/task] > [HTTP request 1/1] > [Response in frame: 6] > > So my call was send as an OPTIONS request and the header wasn't set > correctly. > > For a comparison, here is the working call with curl: > > Hypertext Transfer Protocol > GET /engine-rest/task HTTP/1.1\r\n > [Expert Info (Chat/Sequence): GET /engine-rest/task HTTP/1.1\r\n] > Request Method: GET > Request URI: /engine-rest/task > Request Version: HTTP/1.1 > Host: localhost:8080\r\n > Authorization: Basic am9objpqb2hu\r\n > Credentials: john:john > User-Agent: curl/7.51.0\r\n > Accept: */*\r\n > \r\n > [Full request URI: http://localhost:8080/engine-rest/task] > [HTTP request 1/1] > [Response in frame: 25] > > > Thanks in advance! > > Yours > Arne > > Am Montag, 5. Dezember 2016 09:36:25 UTC+1 schrieb Sander Elias: >> >> Hi Nithil, >> >> I would say it works as advertised. Doing it in quite a few applications. >> It easier to help you if you show your code, or at least tell us what you >> have tried, and what the results are? >> >> Regards >> Sander >> > -- You received this message because you are subscribed to the Google Groups "Angular" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/angular. For more options, visit https://groups.google.com/d/optout.
