The error message "Unauthorized use of the Request header field Authorization" is occurring within the Tastypie framework

Encountering an error with ApiKeyAuthentication on my Tastypie resources when making an HTTP request using AJAX and Tastypie:

Error: XMLHttpRequest cannot load http://domain.com/api/v1/item/?format=json&username=popo&api_key=b83d21e2f8bd4952a53d0ce12a2314c0ffa031b1. Request header field Authorization is not allowed by Access-Control-Allow-Headers.

Looking for solutions to this issue.

Chrome's request headers:

Request Headersview source

Accept:*/*
Accept-Charset:
ISO-8859-1,utf-8;q=0.7,*;q=0.3

Accept-Encoding:gzip,deflate,sdch

Accept-Language:en-US,en;q=0.8

Access-Control-Request-Headers:
origin, authorization, access-control-allow-origin, accept, access-control-allow-headers

Access-Control-Request-Method:
GET

Response headers from Chrome:

Response Headersview source

Access-Control-Allow-Headers:
Origin,Content-Type,Accept,Authorization

Access-Control-Allow-Methods:
POST,GET,OPTIONS,PUT,DELETE

Access-Control-Allow-Origin:*

Connection:keep-alive

Content-Length:0
Content-Type:
text/html; charset=utf-8

Date:Fri, 11 May 2012 21:38:35 GMT

Server:nginx

Both have Authorization headers but still not working.

Django middleware used to modify response headers: https://gist.github.com/1164697

Edit: Issue identified - connection only accepts domain.com, not www.domain.com

javascriptdjangobackbone.jstastypie

Answer №1

Antyrat's response is lacking some details.

You must indicate the specific headers your server permits, such as Authorization.

Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, PUT, DELETE
Access-Control-Allow-Headers: Authorization

Answer №2

After giving a thumbs up to @Manuel Bitto's answer,
I wanted to share another solution for implementing a Cors Filter that has been effective for me with Apache Tomcat 5.x:

public class CustomCorsFilter implements Filter {

    public CustomCorsFilter() { }

    public void init(FilterConfig fConfig) throws ServletException { }

    public void destroy() { }

    public void doFilter(

            ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        HttpServletResponse httpServletResponse = (HttpServletResponse)response;
        httpServletResponse.addHeader("Access-Control-Allow-Origin", "*");
        httpServletResponse.addHeader("Access-Control-Allow-Methods", "GET, POST, PUT, OPTIONS, DELETE");
        httpServletResponse.addHeader("Access-Control-Allow-Headers", "Authorization");

        chain.doFilter(request, response);
    }
}

I recommend paying close attention to including OPTIONS in the "Access-Control-Allow-Methods" header values as mentioned above.
This is crucial because when making requests with special headers or content types, like in my scenario, the XMLHttpRequest object initiates an additional OPTIONS call, which must be handled in your code.
Referencing the explanation provided here by Mozilla can provide further insight into this issue.
I hope this information proves helpful.

Answer №3

The reason behind this issue is due to the enforcement of the Same origin policy.

In order to fix this problem, you must initiate an AJAX call from the same domain where the request is being sent. Alternatively, you can modify your server settings to allow requests from external domains.

To address this issue, you will need to adjust the headers on by including your external domain in the allowed headers:

Access-Control-Allow-Origin: *

For more information, please refer to this article.

Answer №4

The issue arose when attempting to access www.domain.com instead of domain.com. While domain.com functioned properly, accessing www.domain.com triggered a detection that I was making requests from a different domain.

Answer №5

Although this question may be dated, I recently encountered a CORS issue after integrating owin into my project. Despite searching extensively on Google and experimenting with various solutions, I was able to resolve the CORS problem by including the following code:

<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<remove name="OPTIONSVerbHandler" />
<remove name="TRACEVerbHandler" />

For more in-depth information, please refer to the links provided below. Thank you.

[

Similar questions

If you have not found the answer to your question or you are interested in this topic, then look at other similar questions below or use the search

Having trouble with charts not appearing on your Django website?

I am working on a Django project where I need to integrate bar-charts using Django-nvd3. Although I have successfully displayed the bar-charts in separate projects, I am facing an issue with integrating them into my current project. Below is the code snipp ...

javascriptpythonhtmldjangonvd3.js

Removing a row from a table with the click of a button

I recently wrote a piece of code to dynamically add or delete rows in an HTML table. The issue I'm facing is that while the addition of rows works perfectly fine, I'm unable to delete a specific row. Upon clicking the delete button, I encounter a ...

javascripthtmlhtml-tabledelete-row

Issue with AngularJS causing HTML input field to limit the display to only three digits

Whenever I input a number with 4 digits or more (excluding decimals) into the designated box, it mysteriously disappears once I click away (blur). Could it be due to the currency filter causing this issue? Even though the model retains the value when logg ...

javascripthtmlangularjsinputfilter

When is the __v value in Mongoose updated?

As per the information found at , the __v version field is expected to change when array elements are shifted from their original position. I conducted a test using the following code (Mongoose version 3.8.15): var mongoose = require('mongoose' ...

javascriptnode.jsmongodbmongoose

Error: Class cannot be loaded by React Webpack loader

I'm encountering an issue with my two typescript packages - a React application and an infrastructure package. The React app has a dependency on the infrastructure package (currently linked via npm). After adding a new class to the infrastructure pack ...

javascriptreactjstypescriptwebpackbabeljs

Tips for preventing the unwanted portrayal of a rectangle on canvas?

As a beginner in javascript, I am currently learning about the canvas. I have a question regarding drawing rectangles from right to left and seeing negative numbers in the inputs. Is there a way to display the real size of the rectangle regardless of the d ...

javascripthtmlcanvasnumbers

Eliminate classes from radios that are not selected

Here is a snippet of the code I am working with: <ul id="id_priori"> <li> <label for="id_priori_0"> <input id="id_priori_0" name="priori" type="radio">Hola </label> </li> </ul> ...

javascriptjqueryhtmlclassradio-button

Ways to dynamically manipulate HTML elements in Angular 5

Recently, I've been attempting to programmatically transform an HTML element. Strangely, when I update the transform value in the console tab, it changes successfully, but for some reason it doesn't reflect in the element tab of the browser. onD ...

javascriptcssangulartypescriptangular5

ReactJS component experiencing issues with loading images

In my React project, there is a directory containing several images, and I am attempting to import them all into a carousel using Bootstrap. The current code looks like this: import Carousel from 'react-bootstrap/Carousel'; const slideImagesFold ...

javascripthtmlreactjsbootstrap-5

Activate the download upon clicking in Angular 2

One situation is the following where an icon has a click event <md-list-item *ngFor="let history of exportHistory"> <md-icon (click)="onDownloadClick(history)" md-list-avatar>file_download</md-icon> <a md-line> ...

javascriptangulartypescript

Is there a way to switch the classList between various buttons using a single JavaScript function?

I'm currently developing a straightforward add to cart container that also has the ability to toggle between different product sizes. However, I am facing difficulties in achieving this functionality without having to create separate functions for ea ...

javascriptjquerycsstoggle

perform the .then() function within a returned promise

Here is my code snippet: function scammer(message) { return new Promise((resolve,reject)=>{ if(condition){ if (condition) { bot.KickMember(params).then((message)=>{ console.log("kicked"); ...

javascriptnode.jstelegramtelegram-bot

Incorporating the JQuery plugin Lightbox_me into a Ruby on Rails application

Greetings! I am currently attempting to incorporate a popup window using the Lightbox_me plugin in my Ruby On Rails application. After downloading jquery.lightbox_me.js and placing it in the app/assets/javascripts directory, I added //= require jquery.lig ...

javascriptjqueryruby-on-railscoffeescriptlightbox

How to stop a checkbox from being selected in Angular 2

I have a table with checkboxes in each row. The table header contains a Check All checkbox that can toggle all the checkboxes in the table rows. I want to implement a feature where, if the number of checkboxes exceeds a certain limit, an error message is ...

javascriptangulartypescriptangular2-ngmodel

Utilizing Jquery on the client side in conjunction with a Node.js server

I am using nodejs within a docker-compose container to create a local web app. My goal is to use jquery on the client-side to load an HTML file into a div, but I'm encountering issues with it not working properly. Both the initial index.html and the n ...

javascripthtmljquerynode.jsexpress

Implement Vue.js functionality to dynamically add the 'active' class upon clicking an element, while also removing

Is it possible to create an active link on a div element? Check out this example to see how you can achieve that in your code: http://jsfiddle.net/fiddleyetu/9ff79/ $(function() { $( 'ul.nav li' ).on( 'click', function() { $ ...

javascripthtmlcssvue.jsvuejs2

Django Form ListBox

Currently working with Django forms and in need of creating a list box. What is the equivalent of a listbox in Django form fields? I have referred to the documentation @ https://docs.djangoproject.com/en/dev/ref/forms/fields/#modelchoicefield however, ...

pythondjangodjango-forms

Angular Resolve Upon Application Reloading

Is there a way to postpone the initialization of my Application Controller (similar to using the 'resolve' attribute in the router) when reloading a page? Or more importantly, how can I delay the rendering of the view until my controller has succ ...

javascriptangularjspromiseangular-promise

Bootstrap datetimepicker is not showing the calendar for selecting a date, making it impossible to choose a specific date

I am facing an issue with integrating the bootstrap datetimepicker with Datatables to filter the data based on selected dates. The problem is that only an input bar is displayed on the page, and there is no calendar or calendar symbol visible. I suspect it ...

javascripthtmldatatablesbootstrap-datetimepicker

Creating visual content on a website

I'm currently working on a project where I need to showcase the results of a numerical model I am operating. My goal is to gather user input in the form of latitude/longitude coordinates, utilize php (or a similar tool) to trigger a python script that ...

javascripthtmlcssweb