My question:
A basic auth GET from my vendor works in Postman, but using the Javascript code generated from Postman fails with a CORs error. But, when I place the endpoint in my browser, and then enter the username/pass in the dialog box that pops up (yes, I know its a bit risky), it works fine.
Why?
I kept the request and response headers from the attempt from my site and the successful attempt from Chrome and can post a sanitized version if that helps.
Details (like screenshots):
Here is the Postman-generated code:
var myHeaders = new Headers();
myHeaders.append("Authorization", "Basic <suppressed>");
myHeaders.append("Cookie", "<Postman is adding a cookie...not sure why but it doesn't seem to be the issue");
var requestOptions = {
method: 'GET',
headers: myHeaders,
};
fetch("https://<suppressed>", requestOptions)
.then(response => response.text())
.then(result => console.log(result))
.catch(error => console.log('error', error));
How I found the problem:
console.log and Network/headers
I’ve already tried:
-tried removing the cookie
-tried adding mode: ‘no-cors’ to request. Sometimes that get’s me past the CORS error, but then I get a 401 Unauthorized.
-tried replacing the base64 that Postman provides and perform that encoding in the code but same results.
-tried to refactor code into just a fetch with the second argument being the headers. same result
-tried using the successful request headers from my successful Chrome test. That didn’t work well at all.