search

doedje / jquery.soap

This script uses $.ajax to send a SOAP:Envelope. It can take XML DOM, XML string or JSON as input and the response can be returned as either XML DOM, XML string or JSON too.
352 stars 148 forks source link

Please allow set withCredentials flag #109

Closed Hubbitus closed 7 years ago

Hubbitus commented 7 years ago

With request to open service:

$.soap({
  url: 'https://cors-anywhere.herokuapp.com/http://fias.nalog.ru/WebServices/Public/DownloadService.asmx'
  ,method: 'GetAllDownloadFileInfo'
  ,data: {}
  ,HTTPHeaders: { 'origin': '*' }
  ,success: function (soapResponse) { alert('succes'); }
  ,error: function (soapResponse) { console.log('error', soapResponse); }
});

I got error: XMLHttpRequest cannot load https://cors-anywhere.herokuapp.com/http://fias.nalog.ru/WebServices/Public/DownloadService.asmxGetAllDownloadFileInfo. Response to preflight request doesn't pass access control check: A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header when the credentials flag is true. Origin 'http://example.com' is therefore not allowed access. The credentials mode of an XMLHttpRequest is controlled by the withCredentials attribute.

So, if I understand correctly set withCredentials=false should solve problem

doedje commented 7 years ago

Did you try changing the code yourself? Does it indeed fix your problem?

doedje commented 7 years ago

did you test it? does it work? I am eager to implement any improvements to $.soap... helping me out on stuff is highly appreciated...

doedje commented 7 years ago

I'll reopen the issue and will explain what you can do:

Open jquery.soap.js in your favorite editor and look for line 283-290:

xhrFields: {
    // Add xhrFields, and set xhrFields.withCredentials = true by default, otherwise,
    // it can't send a cross-domain request successfully in Chrome without this settings.
    // You can use it to set withCredentials to true for cross-domain requests if needed.
    // More about it is in jQuery official website. (http://api.jquery.com/jquery.ajax/).
    // I hope it's useful and tested in Chrome & IE 11+ & IE Edge, Thanks.
    withCredentials: true
},

Now change that code to withCredentials: false. Test your application... If it works these are your options:

1) Use your altered version of jquery.soap.js or 2) Report back to me the change indeed fixes your issue and hope that somewhere in the near future I have the time to implement a way to set the withCredentials flag. or 3) Start coding, implement it yourself, send me a pull request when your done and contribute to the open source community. When you choose this option I would like to recommend the ability to set the whole xhrFields object, with the default of withCredentials=true for backwards compatibility.

I hope to hear from you....

bflemi3 commented 7 years ago

Yes, changing withCredentials to false did indeed work. Perhaps making configurable would solve this issue.

doedje commented 7 years ago

Would you please report to me if the fix is working for you? You should no be able to do:

$.soap({
  url: 'https://cors-anywhere.herokuapp.com/http://fias.nalog.ru/WebServices/Public/DownloadService.asmx'
  ,method: 'GetAllDownloadFileInfo'
  ,withCredentials: false
  ,data: {}
  ,HTTPHeaders: { 'origin': '*' }
  ,success: function (soapResponse) { alert('succes'); }
  ,error: function (soapResponse) { console.log('error', soapResponse); }
});
doedje commented 7 years ago

I really LOVE the fact that you DID NOT RESPOND. Lame-ass....

doedje commented 7 years ago

So far for "community"........