Monday, 12 June 2017

Ajax header causing 400 response when tested on node/Heroku, but works on localhost

This all works fine offline, but when I upload it to Heroku I keep getting 400 errors, and it never reaches any of the routes. It does get to the routes when I comment out the header. What's going on here? Any guesses?

I'm basically trying to send a JWT token when the page is loaded to see if the user needs to login again, or if I can just retrieve their info. Works fine tested on localhost with node.

        $.ajax({
            url: 'users/preauth',
            type: 'POST', 
            dataType: 'json',
            // contentType: "application/json ;charset=UTF-8",
            headers: {"Authorization": TOKEN},
        }).done( function(result){ 
        }).fail(function(err){ 
        })

Is it a CORS issue? And if it is, how do I set it up with my Express app to allow the authorization header?

Is there a security risk intrinsic to allowing headers, and if so, is there a better way to send the token without an authorization header?



via Luddens Desir

No comments:

Post a Comment