i'm trying open (cross domain) uri in javascript code. i'm able open if copy browser , directly open it. however, if open in javascript code, 403 forbidden error. here code:
var xhr = new xmlhttprequest(); xhr.responsetype = 'json'; xhr.withcredentias = true; xhr.open('get', uri, 'true'); xhr.onload = function() { console.log(xhr.response); } xhr.send(); it doesn't seem cors error, because in response header can see origin host in access-control-allow-origin part. didn't cors error either.
does have idea why happens? appreciate help!
thanks!
====update====
directly browser (chrome)
request: accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 accept-encoding:gzip, deflate, sdch, br accept-language:en-us,en;q=0.8 cache-control:no-cache connection:keep-alive host:host.com pragma:no-cache upgrade-insecure-requests:1 user-agent:mozilla/5.0 (windows nt 6.1; wow64) applewebkit/537.36 (khtml, gecko) chrome/51.0.2704.103 safari/537.36 response: cache-control:max-age=60 connection:keep-alive content-encoding:gzip content-type:application/json; charset=utf-8 date:mon, 01 aug 2016 17:58:20 gmt expires:mon, 01 aug 2016 17:59:20 gmt keep-alive:timeout=5, max=100 server:apache/2.4.6 transfer-encoding:chunked vary:accept-encoding from code
request: accept:*/* accept-encoding:gzip, deflate, sdch, br accept-language:en-us,en;q=0.8 cache-control:no-cache connection:keep-alive host:host.com origin:myhost.com pragma:no-cache referer:myhost.com/login user-agent:mozilla/5.0 (windows nt 6.1; wow64) applewebkit/537.36 (khtml, gecko) chrome/51.0.2704.103 safari/537.36 response: access-control-allow-credentials:true access-control-allow-methods:get, head, options access-control-allow-origin:myhost.com cache-control:max-age=60 connection:keep-alive content-length:0 content-type:application/json; charset=utf-8 date:mon, 01 aug 2016 18:20:54 gmt expires:mon, 01 aug 2016 18:21:54 gmt keep-alive:timeout=5, max=100 server:apache/2.4.6
Comments
Post a Comment