The "401 Unauthorized" Error in JavaScript

[ig...@sherpadesk.com]

Hi Peter!

I'm trying get FreshBooks data in JavaScript. I'm using jQuery. I have tried two methods of authentications: oAuth and Token-Based and I have same results for both authentication methods. I got the error: "401 Unauthorized". Please look at the 401Unauthorized.jpg attached to this post.
This is example for Token-Based authentication:
$(document).ready(function () {
        if (!window.btoa) window.btoa = base64.encode;
        var postData = '<?xml version="1.0" encoding="utf-8"?><request method="client.list"></request>';
        $.ajax({
            type: "POST",
            url: "https://vikkisoft.freshbooks.com/api/2.1/xml-in",
            data: postData,
            cache: false,
            crossDomain: true,
            dataType: "xml",
            headers: {
                'Authorization': make_base_auth('e8195ab979fec886600e104eb3d80522', 'X'),
                'content-type': 'application/x-www-form-urlencoded'
            },
            success: function (d) {
                alert("success");
                alert(d.text);
            },
            error: function (e, textStatus, errorThrown) {
                alert("error");
                alert(textStatus);
                alert(errorThrown);
            },
            complete: function (xhr, status) {
                alert(xhr.responseText);
            }
        });
    });
         function make_base_auth(user, password) {
             var tok = user + ':' + password;
             var hash = window.btoa(tok);
             return "Basic " + hash;
         }

If I set the $.support.cors = true, then all works well in Internet Explorer (please look at the IE.jpg attached to this post), but doesn’t work in other browsers. I have attached my codes to this post - file FBAPITest.zip.
All works well for me in ASP.NET (server side), but I need to get data from FreshBooks API in JavaScript.
Please help me.

Thanks,
Igor

[Anton Nguyen]

Hey Igor,

I took a look at your code, and it should work as expected. Unfortunately, the problem you're running into, has to do with the Same Origin Policy, which is preventing your script from talking to FreshBooks, because its not running on the same domain. While you've proactively taken some steps, such as setting "crossDomain" to true, the server (API in our case) has to support it as well, so that it can return the correct header values (Access-Control-Allow-Origin: * if you're curious).

My theory, as to why it works on IE, is because the browser removes any Same Origin Policy restrictions if you're on a site that's part of your "Trust Zone". Generally, when I write javascript apps that need to talk to FreshBooks, I turn it into a Chrome Extension, since it allows you to whitelist the sites to allow.

Hope that answers your questions. Let me know if there's anything else I can help you with!

Anton

[Jon Vickers]

Ah, yea the Freshbooks API does not support CORS.     It failed for me on IE 9.  If it is working on IE 10, Igor, you must have some special overrides enabled to make IE work. It should not work in IE either.

[Rahul Raj]

Dear Peter,

I am facing same problem . In same domain one URL is working fine and another url giving same exception . 

Will I do anything in manifest file.

Please sugegst.

Thanks,

Rahul