There is a REST server on Yii2 . There is a Bearer по токену. type authentication Bearer по токену. To test requests using Postman. I am knocking to the server with the following url jw-server:8888/v1/users - I send the Authorization Bearer ****** in the request. All OK!

At the moment I am developing an application on backbone.js and encountered the following problem: I am collecting a user authentication script in sessionModel. I send a request from fetch to the jw-server:8888/v1/users + '/' + user_id address jw-server:8888/v1/users + '/' + user_id I get 401 in response. Naturally, I pass the Authorization headers with a token (and in different ways I tried to override backbone.sync, add beforeSend to the fetch request ) = useless. I went to safari, opened the console and code explorer. And I realized that 2 requests were flying from me.

  1. At this address method OPTIONS without Authorization headers. Returns 401 - not registered.

  2. At this address method GET with headers and everything as it should.

    As I understand it, the request goes first to find out what types of requests can be used at, then the request itself flies. But for some reason, both Chrome and Safari reflectors answer me 401. Moreover, if you look at the second document in safari. Data is coming. In Chrome, however, does not show how many requests. Just - one (401)

  • 2
    Read this here: learn.javascript.ru/xhr-crossdomain#in simple queries . What happens is not a feature of a library, but a feature of the implementation of cross-domain browsers. - Duck Learns to Take Cover
  • one
    The server should respond to this request with the status 200, without the response body, specifying the headers Access-Control-Allow-Method: method and, if necessary, Access-Control-Allow-Headers: allowed headers. - Mr. Music
  • In my case, the server responds to 401. Not authorized - to the OPTIONS request - Mr. Music

0