B
BartMille
Guest
We're developing a REST-api using OERealm form-based authentication (oe 11.5). The goal is to create an independent api that will be used by our Angular developers to create a website. We prefer to use a token instead of something like basic security. Everything works when you work with the standard login-form in the browser. A cookie (jessionid) is generated & passed around. But, when I try to use ajax, it fails. I know (/think) the cookie can't be used from javascript. But I was under the impression that the X-CLIENT-CONTEXT-ID could be used instead of the cookie. I can't get this to work however. So, my question: is it possible to access the api passing around a token in the header (or body)? If so, any ideas how? I've tried something like this, but it returns "forbidden": $(document).ready(function () { alert("before call"); $.ajax({ url : " localhost:8980/.../customer", headers: {"X-CLIENT-CONTEXT-ID": "F4913D668091CB818096F31FC70801E8" }, type : 'GET', contentType: "application/json", success : function (data) { alert("ok"); debugger; }, error : function (data, errorThrown) { alert(errorThrown); debugger; } }); });
Continue reading...
Continue reading...