Cannot call HTTP GET on an API that requires basic authentication

369 views
Skip to first unread message

Bryan Murphy

unread,
Aug 24, 2016, 10:45:34 PM8/24/16
to elm-d...@googlegroups.com
I'm having trouble calling Http.send on an API that requires basic authentication.  I collapsed the key part down into a single function:

httpGet : JsonDecode.Decoder value -> String -> String -> Task.Task Http.Error value
httpGet decoder authorization url =
  let request =
    { verb = "GET"
    , headers =
      [ ("Access-Control-Request-Method", "GET")
      , ("Authorization", "Basic " ++ authorization)
      , ("Origin", "http://127.0.0.1:8080")
      ]
    , url = url
    , body = Http.empty }
  in
    Http.fromJson decoder (Http.send Http.defaultSettings request)

I believe the API endpoint has CORS configured properly:

< HTTP/1.1 200 OK
< Server: nginx/1.10.1
< Date: Thu, 25 Aug 2016 02:38:57 GMT
< Content-Type: application/json
< Content-Length: 165
< Connection: keep-alive
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Methods: GET, POST, OPTIONS
< Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type

The problem I'm seeing is that when I trigger the Http.send in Chrome and Firefox, I only ever see an OPTIONS request returning 204 in the network tab.  I never see the corresponding GET request and the Http.send function returns a very unhelpful NetworkError. 

Can anybody point out what I am doing wrong?

Thanks,
Bryan

Peter Damoc

unread,
Aug 25, 2016, 12:48:44 AM8/25/16
to Elm Discuss
Could it be that you've run into an issue like the one described bellow ?
https://williambert.online/2013/06/allow-cors-with-localhost-in-chrome/


--
You received this message because you are subscribed to the Google Groups "Elm Discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elm-discuss+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.



--
There is NO FATE, we are the creators.
blog: http://damoc.ro/

Bryan Murphy

unread,
Aug 25, 2016, 9:05:35 AM8/25/16
to elm-d...@googlegroups.com
I don't think this is it.  I'm already returning those headers and the OPTIONS request returns a 204.

Bryan Murphy

unread,
Aug 25, 2016, 11:51:26 AM8/25/16
to elm-d...@googlegroups.com
I found the problem in the javascript console.  Access-Control-Allow-Headers was missing the Authorization header.   Nothing Elm related here.
Reply all
Reply to author
Forward
0 new messages