RWOverdijk
commented
7 years ago This looks good. I'll release this Monday, so I can test this first.
Closed a-jackson closed 7 years ago
RWOverdijk
commented
7 years ago This looks good. I'll release this Monday, so I can test this first.
a-jackson
commented
7 years ago Perfect. Thanks 😄
RWOverdijk
commented
7 years ago Published.
In order to authenticate with Windows authentication no request body is required. For this to work we needed to override the defaults of the api endpoint so there was no accept and content-type header to stop Chrome sending a pre-flight request. This is because Chrome does not attach credentials to pre-flight requests and yet IIS rejects anything that doesn't have them.
That was all fine until we tried to use IE with the fetch polyfill.
Since content-type is not application/json aurelia-api does not stringify the empty object we were passing to login and then fetch rejects it as an unsupported body.
Including the content-type header works in IE, the empty object is stringified and sends credentials on the pre-flight so everything is fine, except now Chrome doesn't work.
This seemed to be the simplest solution.