I do have two servers, server A and server B. server A runs on IIS with windows authentication. I also do have a Slim/Twig/PHP construct on server B. I calling a route on server B by using ajax on server A
ajax on server A
function triggerBalloonNotification(){
$.ajax({
method: "GET",
url: "http://serverB/route/on/serverB"
})
.done(function( json ) {
console.log('done');
});
}
this triggers an 'Access-Control-Allow-Origin' - error which i countered by adding the following to the web.config on server B
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
</customHeaders>
</httpProtocol>
now i 'only' get an 401 unauthorized error (because of the windows authentication on server B).
how do i need to config the iis on server B to exclude a specific route from the authentication?
edit to be more specific: i know that i can exclude a physical folder, but i want to exclude a route which is 'not there' (in the filesystem)
found a solution.
added
xhrFields: {
withCredentials: true
}
to the ajax call on server A and set the 'Access-Control-Allow-Credentials' to 'true' on server B