I am trying to get a web service from Service Worker. This service is a JSP protected by basic Apache authentication, so I have to provide authentication credentials in the request headers. The following query works fine in the main window:
self.addEventListener('push', function(event) { console.log('Received a push message', event); event.waitUntil( fetch(ONLINE_SITE_ENDPOINT, { method: 'GET', mode: 'cors', headers: { 'Accept': 'application/json', 'Authorization': 'Basic btoa(auth info)' } }).then(function(response) {
This code falls within the scope of event.waitUntil () in a function called from the push event listener. However, the same exact call fails with 401 (Unauthorized). The Network panel from the developer tools shows that headers are not sent:
OPTIONS /latest-new.jsp HTTP/1.1 Host: {an accessible host} Connection: keep-alive Access-Control-Request-Method: GET Origin: http:
Is something missing here? or can it simply not be achieved by a worker?
Additional information: simply cannot use XMLHttpRequest, since it is "not defined" in the working worker area. JSP headers before extracting JSON:
response.setHeader("Access-Control-Allow-Origin", "*"); response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE"); response.setHeader("Access-Control-Max-Age", "3600"); response.setHeader("Access-Control-Allow-Headers", "x-requested-with");
UPDATE: There is definitely something with authentication headers from production services, as requests for insecure URLs do not fail. The same service without authorization Apache works as expected.