HTTP Basic Auth is working great when calling from my REST client. However, the app that is consuming the API is built w/ Backbone.
We tried overriding Backbone sync to pass along the Authorization header but it is failing on an options call -- from what I understand a preflight call to see if cross origin calls are allowed. And it's important to note that this is not unique to Backbone, this happens with any cross-origin AJAX call that has modified headers.
Response Screenshot: http://cl.ly/image/0j2v240A0p2f
I've also tried modifying the fullResponse (full_response.js) plugin bundled w/ Restify (by adding Authorization to the ALLOW_HEADERS array.
var ALLOW_HEADERS = [
'Accept',
'Accept-Version',
'Content-Length',
'Content-MD5',
'Content-Type',
'Date',
'X-Api-Version',
'X-Response-Time',
'Authorization'
].join(', ');
This is one of the few things left before being able to push to production. Any thoughts?
You need to enable cross origin resource sharing on your server: http://enable-cors.org/