NodeJS | SailsJS | PassportJS AJAX Authentication: Making Sequential Requests for Data
Making sequential queries for data
TL;DR
Once authenticated, I cannot request data from my front-end application; I can make subsequent requests for data after login only through server views and Postman, or by authenticating my user in Postman and then requesting data in my application.
First, I am a newbie on the server side.
I have a SailsJS backend that I am using for REST. User creation and authentication using LocalStrategy work great, and even subsequent requests for data work fine, but not via AJAX from my application.
I can use Postman or server-side views to access data, for example /list; making requests after authenticating in my app doesn't work, unless I go back to Postman and log in, and then go back to my application and redo the request.
I notice that the set-cookie in my application is different between the first authentication request and the request for /list.
I can show some code if needed, but I seem to be missing a very high level, fundamental concept when making authenticated AJAX requests.
EDIT:
My frontend is on a different domain - Sails is running on localhost:1337 and my frontend is running on localhost:8100.
Here's what my /api/config/cors.js looks like:
module.exports.cors = {
  allRoutes: true,
  origin: '*',
  credentials: true,
  // methods: 'GET, POST, PUT, DELETE, OPTIONS, HEAD',
  // headers: 'content-type'
};
I am using Angular in the frontend, and subsequent requests use withCredentials: true - do I need to add this to the login request as well? Should I submit a username and email address along with the request?
How do I allow all my subsequent requests for authenticated data after login?
If your external application has a different origin than your backend application, by default AJAX requests will not contain a session cookie.
If you're using jQuery:
$.ajax({
  url: a_cross_domain_url,
  xhrFields: {
    withCredentials: true
  }
});
This option should be used for all AJAX requests, so the server can treat them as belonging to the same session.
You must also configure the server side to allow CORS requests.
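The session behaviour described in the answer above, as an added example that is not part of the original question or answer: a small JavaScript model (not a real browser and not Sails code) of the rules that a cross-origin XHR stores and sends cookies only when withCredentials is set, and that a credentialed response is readable only with an exact Access-Control-Allow-Origin match. The front-end origin comes from the question; the session ids, the user name and all function names are constructed for illustration.

```javascript
// Added example: a model of browser cookie/CORS rules, not a real browser or Sails code.
// The origin comes from the question; session ids, user name and helper names are constructed.
const FRONTEND = 'http://localhost:8100';
const ALLOWED_ORIGINS = [FRONTEND];

// Toy API server: session store keyed by the session cookie; /login authenticates the session.
function makeServer() {
  const sessions = new Map();
  let next = 1;
  return function handle(path, origin, cookieSid) {
    let sid = cookieSid, setCookie = null;
    if (!sessions.has(sid)) {            // no (known) cookie: start a new session
      sid = setCookie = 'sid-' + next++;
      sessions.set(sid, { user: null });
    }
    if (path === '/login') sessions.get(sid).user = 'alice';
    const ok = path === '/login' || sessions.get(sid).user !== null;
    const headers = ALLOWED_ORIGINS.includes(origin)
      ? { 'Access-Control-Allow-Origin': origin,      // echo the allowed origin, never '*'
          'Access-Control-Allow-Credentials': 'true', 'Vary': 'Origin' }
      : {};
    return { status: ok ? 200 : 403, setCookie, headers };
  };
}

// Browser rule 1: script may read a credentialed response only with an exact origin match.
function readable(pageOrigin, withCredentials, headers) {
  const acao = headers['Access-Control-Allow-Origin'];
  if (!withCredentials) return acao === '*' || acao === pageOrigin;
  return acao === pageOrigin && headers['Access-Control-Allow-Credentials'] === 'true';
}

// Browser rule 2: cookies are sent and stored only on requests made with withCredentials.
function makeBrowser(server, pageOrigin) {
  let jar = null;
  return function xhr(path, withCredentials) {
    const res = server(path, pageOrigin, withCredentials ? jar : null);
    if (withCredentials && res.setCookie) jar = res.setCookie;
    return { status: res.status, setCookie: res.setCookie,
             readable: readable(pageOrigin, withCredentials, res.headers) };
  };
}

// Login then /list, returning both results for the chosen withCredentials settings.
function scenario(loginCreds, listCreds) {
  const xhr = makeBrowser(makeServer(), FRONTEND);
  return { login: xhr('/login', loginCreds), list: xhr('/list', listCreds) };
}
```

scenario(false, true) reproduces the symptom in the question: /list is rejected and carries a second, different session cookie, while scenario(true, true) keeps one session across both requests.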