Issues w/ CORS / HTTP-Status 401


#1

Hi @ all,
I’m facing several issues w/ a basic implementation of a dreamfactory-login. I’ve tried to enable CORS w/in the admin-panel (Host: * / Allowed: POST + GET) and tried to manually enforce it from w/in my Virtual Apache Host.

XMLHttpRequest cannot load http://dreamfactory.domain.com/rest/user/session. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8383' is therefore not allowed access. The response had HTTP status code 401.

Apache-config:

   <Directory /opt/dreamfactory/platform/web/>
	Options Indexes FollowSymLinks MultiViews
	AllowOverride All
	Order allow,deny
	Allow from all
	Header set Access-Control-Allow-Origin "*"
</Directory>

me@debian:/# apachectl -t
Syntax OK
me@debian:/# a2enmod headers
Module headers already enabled

Unfortunately, I’m still receiving the 401-code and don’t know why.

I’m trying to login like this (for testing purposes):

$scope.doLogin = function() {
            console.log('Doing login', $scope.loginData);

        var requestData = {
            email : 'test@domain.com',
            password : 'test'
        };
        $http.post("http://dreamfactory.domain.com/rest/user/session", requestData, {
            headers: {'Content-Type': 'application/json', 'X-DreamFactory-Application-Name' : 'ID'}}
        }).success(function(responseData) {
            console.log(responseData);
        }).error(function(err) {
            console.log(err);
        });
    };

Help would be very much appreciated. Thanks!


#2

I’m a massive idiot - the web-dir was password-protected via .htaccess. Since my browsers have been logged in and the debugging-console only showed me the error stated in the OP, I failed to connect the dots…

Hint: To check if CORS is allowed, try this:

$  curl -i http://dreamfactory.domain.com/
...
<title>401 Authorization Required</title>
...

After removing the .htaccess-Login:

$  curl -i http://dreamfactory.domain.com/
Date: Tue, 02 Sep 2014 13:52:19 GMT
...
Access-Control-Allow-Origin: *
...

#3

Thanks, man!

Glad you figured it out, take care.

  • Mark