I'm trying to fetch a web service from a Service Worker. This service is a JSP secured with basic Apache authentication, so I must provide the credentials to authenticate in the request headers. The following request works just fine from the main window:
    self.addEventListener('push', function(event) {
        console.log('Received a push message', event);
        event.waitUntil(
            fetch(ONLINE_SITE_ENDPOINT, {
                method: 'GET',
                mode: 'cors',
                headers: {
                    'Accept': 'application/json',
                    'Authorization': 'Basic btoa(auth info)'
                }
            }).then(function(response) {
                // process response
            }).catch(function(err) {
            })
        );
    });
That code is inside an event.waitUntil() scope, in a function called from a 'push' event listener. However, the same exact call fails with a 401 (Unauthorized). The Network panel of the developer tools shows the headers are not being sent:
    OPTIONS /latest-new.jsp HTTP/1.1
    Host: {an accessible host}
    Connection: keep-alive
    Access-Control-Request-Method: GET
    Origin: http://localhost
    User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.134 Safari/537.36
    Access-Control-Request-Headers: accept, authorization
    Accept: */*
    Referer: http://localhost/service-worker.js
    Accept-Encoding: gzip, deflate, sdch
    Accept-Language: en-US,en;q=0.8
Is there something missing here? Or can it just not be achieved from a Service Worker?
Some extra info: I just can't use XMLHttpRequest since it is 'Not defined' in the service worker scope. The headers on the JSP before retrieving the JSON:
    response.setHeader("Access-Control-Allow-Origin", "*");
    response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
    response.setHeader("Access-Control-Max-Age", "3600");
    response.setHeader("Access-Control-Allow-Headers", "x-requested-with");
UPDATE: there is definitely something going on with the authentication headers from the service workers, since the requests to non-secured URLs do not fail. The same service without Apache authorization works as expected.
You should also set accept and authorization as allowed headers.
Also, the body of the response to the "OPTIONS" request should be empty (it is not actually necessary, but there is no use case for a body in such a response) and Content-Length should be 0 (zero).
Please note that this request should not be passed to the application (you can, but there is no need).
Pass {"credentials": "include"} as the param to the fetch() call.
https://fetch.spec.whatwg.org/
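
A simplified model of the browser's preflight check, applied to the request and response headers from the question. It is an added example, not code from any of the posts above; `checkPreflight` and the `fixed` header set are hypothetical names and constructed values, and the rules modelled are those of the Fetch standard's CORS-preflight check as it stands today.

```javascript
// Added example: simplified model of the browser's CORS-preflight check.
// Header maps use lower-case names; all sample values below are constructed.
const list = v => (v || '').split(',').map(s => s.trim().toLowerCase()).filter(Boolean);

function checkPreflight(req, res, credentialsMode) {
  const withCreds = credentialsMode === 'include';
  const allowOrigin = res['access-control-allow-origin'];
  // Origin: "*" only counts for requests made without credentials.
  if (withCreds) {
    if (allowOrigin !== req['origin'])
      return { ok: false, reason: 'allow-origin must echo the origin when credentials are included' };
    if (res['access-control-allow-credentials'] !== 'true')
      return { ok: false, reason: 'access-control-allow-credentials: true is missing' };
  } else if (allowOrigin !== '*' && allowOrigin !== req['origin']) {
    return { ok: false, reason: 'origin not allowed' };
  }

  // Method: GET, HEAD and POST never need to be listed.
  const method = req['access-control-request-method'].toLowerCase();
  const methods = list(res['access-control-allow-methods']);
  const methodOk = ['get', 'head', 'post'].includes(method) ||
    methods.includes(method) || (!withCreds && methods.includes('*'));
  if (!methodOk) return { ok: false, reason: 'method not allowed: ' + method };
  // Headers: each requested name must be listed. "*" is a wildcard only
  // without credentials, and it never covers "authorization".
  const allowed = list(res['access-control-allow-headers']);
  const wildcard = !withCreds && allowed.includes('*');
  const blocked = list(req['access-control-request-headers']).filter(
    h => !allowed.includes(h) && !(wildcard && h !== 'authorization'));
  if (blocked.length) return { ok: false, reason: 'headers not allowed: ' + blocked.join(', ') };
  return { ok: true, reason: 'preflight passes' };
}

// Preflight request as shown in the question's Network panel.
const preflight = { 'origin': 'http://localhost', 'access-control-request-method': 'GET',
  'access-control-request-headers': 'accept, authorization' };
// Response headers as set by the JSP in the question.
const asPosted = { 'access-control-allow-origin': '*',
  'access-control-allow-methods': 'POST, GET, OPTIONS, DELETE',
  'access-control-allow-headers': 'x-requested-with' };
// Constructed fix: list both requested headers and echo the origin.
const fixed = { ...asPosted,
  'access-control-allow-origin': 'http://localhost',
  'access-control-allow-credentials': 'true',
  'access-control-allow-headers': 'x-requested-with, accept, authorization' };
console.log(checkPreflight(preflight, asPosted, 'same-origin'));
console.log(checkPreflight(preflight, fixed, 'include'));
```

With the headers as posted, the check stops at the header list, so the browser never sends the actual GET carrying `Authorization`. Keeping `Access-Control-Allow-Origin: *` while switching to `credentials: 'include'` fails at the origin step instead.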