Authorization blocked by CORs
In summary, three issues. Add to that the Forum Post has tinkered with the HTML.
In summary, (Item A) I don't get an authorization code and (Item B) I don't get redirected and (Item C) the console indicates blocked by CORs. I have used several variations indicated by the OR and the WITH AND WITHOUT. Trying it ad nauseum, many, many, many frustrating hours. In the Application Allowed Origins I have specified:
http://, https://, and https://tttbbb.php
I have used:
function apiGetCode() {
apiTarget = 'https://account.box.com/api/oauth2/authorize';
OR
apiTarget = 'https://app.box.com/api/oauth2/authorize'; (Suggested by a NOTE in Box documentation. No clue as to which is REALLY the correct url to use account... or app... Box documentation is not consistent.)
// Call API
ajaxObject = $.ajax({
url: apiTarget,
type: 'GET',
OR
type: 'POST',
WITH and WITHOUT HEADERS ...
headers: {
'Access-Control-Allow-Origin' : 'https://'
},
data: {
'response_type': 'code',
'client_id': 'kvo1wsa6vo3bbkzsyrfx5l3xtrnt6zra',
'redirect_uri': 'https:///ttt.php',
'state': 'ok'
},
//
success: function (dataObject) {
console.dir(dataObject);
}
});
}
In the Chrome Network log I see:
-
Request URL:
-
Request Method:GET
-
Status Code:200 OK (I have also see code 204 NO CONTENT)
-
Remote Address:107.152.27.198:443
-
Referrer Policy:no-referrer-when-downgrade
- Request Headers
- Provisional headers are shown
-
Accept:*/*
-
Access-Control-Allow-Origin:
-
DNT:1
-
Origin:https://
-
Referer:https:///tttbbb.php
-
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36
- Query String Parametersview sourceview URL encoded
-
response_type:code
-
client_id:kvo1wsa6vo3bbkzsyrfx5l3xtrnt6zra
-
redirect_uri:https:///ttt.php
-
state:ok
In the Javascript console I see: (This is a typical console, I have run many tests, so I can't list all the consoles.)
tttbbb.php:1 Access to XMLHttpRequest at 'https://app.box.com/api/oauth2/authorize?response_type=code&client_id=kvo1wsa6vo3bbkzsyrfx5l3xtrnt6zra&redirect_uri=https%3A%2F%2F%2Ftttbbb.php&state=ok' from origin 'https://' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
jquery_211.js:4 Cross-Origin Read Blocking (CORB) blocked cross-origin response https://app.box.com/api/oauth2/authorize?response_type=code&client_id=kvo1wsa6vo3bbkzsyrfx5l3xtrnt6zra&redirect_uri=https%3A%2F%2F%2Ftttbbb.php&state=ok with MIME type text/html. See https://www.chromestatus.com/feature/***card # removed for privacy*** for more details.
send @ jquery_211.js:4
ajax @ jquery_211.js:4
apiGetCode @ tttbbb.php:91
(anonymous) @ tttbbb.php:14
If I copy/paste the GET authorize URL without a redirect a get a Box grant/deny access page. This proves my parameters are correct, just CORs blocked. If copy/past GET authorize URL with a redirect, I get a redirect error. I am not able to add a redirect url to my app through the admin console - this is another boatload of hours wasted trying to get to that spot on the admin configurations.
In any reply, please don't fuss about the javascript.
サインインしてコメントを残してください。
コメント
0件のコメント