Comments on: Cross Origin Resource Sharing with Sinatra http://britg.com/2009/12/29/cross-origin-resource-sharing-with-sinatra/ The big yellow one's the sun. Fri, 27 Jan 2012 21:15:00 +0000 hourly 1 http://wordpress.org/?v=3.1.2 By: Chris Castle http://britg.com/2009/12/29/cross-origin-resource-sharing-with-sinatra/comment-page-1/#comment-544 Chris Castle Mon, 04 Jul 2011 04:52:00 +0000 http://britg.com/?p=1282#comment-544 Hey Brit-  Thanks for putting this together.  I'm trying to make an HTTPS cross-domain request with Basic Auth.  I'm using Sinatra (obviously) on the server and jquery on the client.  I'm getting a 401 Unauthorized response from the server.  In looking at the Request headers I don't see the browser sending the 'Authorization' header.  Here are the request and response headers.  Any idea what's wrong?  If I hit the Request URL by itself in a browser, the auth box pops up, I enter my credentials, and everything works great -- but not when it's requested via javascript... Request URL:https://my.site.com/ec2/describe?env=dev&instanceId=i-b285d4dfRequest Method:GETStatus Code:401 UnauthorizedRequest HeadersAccept:*/*Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3Accept-Encoding:gzip,deflate,sdchAccept-Language:en-US,en;q=0.8Connection:keep-aliveHost:my.site.comOrigin:http://localhost:4567Referer:http://localhost:4567/index.htmlUser-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.41 Safari/535.1Query String Parametersenv:devinstanceId:i-b285d4dfResponse HeadersAccess-Control-Allow-Credentials:trueAccess-Control-Allow-Headers:AuthorizationAccess-Control-Allow-Methods:GET, POST, UPDATE, DELETE, OPTIONS, HEADAccess-Control-Allow-Origin:http://localhost:4567Access-Control-Max-Age:1728000Connection:keep-aliveContent-Length:15Content-Type:text/html;charset=utf-8Server:thin 1.2.11 codename Bat-Shit CrazyWWW-Authenticate:Basic realm="Restricted Area" Hey Brit-  Thanks for putting this together.  I’m trying to make an HTTPS cross-domain request with Basic Auth.  I’m using Sinatra (obviously) on the server and jquery on the client.  I’m getting a 401 Unauthorized response from the server.  In looking at the Request headers I don’t see the browser sending the ‘Authorization’ header.  Here are the request and response headers.  Any idea what’s wrong?  If I hit the Request URL by itself in a browser, the auth box pops up, I enter my credentials, and everything works great — but not when it’s requested via javascript…

Request URL:https://my.site.com/ec2/describe?env=dev&instanceId=i-b285d4dfRequest Method:GETStatus Code:401 UnauthorizedRequest HeadersAccept:*/*Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3Accept-Encoding:gzip,deflate,sdchAccept-Language:en-US,en;q=0.8Connection:keep-aliveHost:my.site.comOrigin:http://localhost:4567Referer:http://localhost:4567/index.htmlUser-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.41 Safari/535.1Query String Parametersenv:devinstanceId:i-b285d4dfResponse HeadersAccess-Control-Allow-Credentials:trueAccess-Control-Allow-Headers:AuthorizationAccess-Control-Allow-Methods:GET, POST, UPDATE, DELETE, OPTIONS, HEADAccess-Control-Allow-Origin:http://localhost:4567Access-Control-Max-Age:1728000Connection:keep-aliveContent-Length:15Content-Type:text/html;charset=utf-8Server:thin 1.2.11 codename Bat-Shit CrazyWWW-Authenticate:Basic realm=”Restricted Area”

]]> By: escort services http://britg.com/2009/12/29/cross-origin-resource-sharing-with-sinatra/comment-page-1/#comment-490 escort services Tue, 01 Mar 2011 14:19:46 +0000 http://britg.com/?p=1282#comment-490 Cross-origin resource sharing Sending messages is not the only solution for sharing information between different websites. The cross-origin resource sharing API loosens the controls over AJAX calls to anywhere but the home domain. ... Cross-origin resource sharing Sending messages is not the only solution for sharing information between different websites. The cross-origin resource sharing API loosens the controls over AJAX calls to anywhere but the home domain. …

]]>