Missing Authorizaton Header and Jquery

Question

I am using the following to make a CORS request:

// This causes a problem....
        $.support.cors = true;
        $.ajax({
            url: url,
            type: 'GET',
            data: {},
            dataType: 'json',
            contentType: "application/json; charset=utf-8",
            crossDomain: true,
            success: function (result, textStatus, jqXHR) {
                alert('Success');
            },
            error: function (jqXHR, textStatus, err) {
                var problem = jqXHR.responseText;
                if (problem == undefined) {
                    problem = err;
                }
                if (window.console) console.log("Error with ajax call: " + problem);
            },
            beforeSend: function (xhr) {
                var headerValue = "Basic <base64 user name and password>";
                xhr.setRequestHeader('Authorization', headerValue);
            }
        });

and the Fiddler request is:

GET http://api.scenictours.com/api/Guests?query=firstName::|surname::Testcustomer|dateOfBirth::|gender::|postcode::|email::|phone::|clientmarket::AU HTTP/1.1
Accept: */*
Origin: http://localhost:50485
Accept-Language: en-AU,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: api.scenictours.com
DNT: 1
Connection: Keep-Alive
Pragma: no-cache

Can anyone tell me why the Authentication header is gone?

Answer 1

Take a look at this question's answer - Basic authentication using XHR

Apparently there's some authorization header mangling for cross-domain requests.

Answer 2

According to https://developer.mozilla.org/en/docs/HTTP/Access_control_CORS#Requests_with_credentials

By default, in cross-site XMLHttpRequest invocations, browsers will not send credentials. A specific flag has to be set on the XMLHttpRequest object when it is invoked.

So, you'll need to add one more line to beforeSend:

xhr.withCredentials = true;