0

I can't find a way to unlock a middleware within one of my extensions for an an external (other domain) javascript ajax-call:

$.ajax({ type:"GET",
         url:'https://intranet.stadtverwaltung.loc/Personal/Personal_NeueMitarbeiterVorstellung_Kommentarabfrage?Anfangsdatum=' + jetzt.getTime() / 1000,
         success: kommentarinfoAnpassen })

The site is secured by:

 <LocationMatch "/">
                Options FollowSymLinks
                AllowOverride All
                AuthType Kerberos
                AuthName "Intranet of X.COM"
                KrbMethodNegotiate on
                KrbMethodK5Passwd on
                KrbAuthRealms X.COM
                KrbServiceName Any
                Require valid-user
                Krb5Keytab /etc/apache2/intranetkeytab
                Header set Access-Control-Allow-Origin "*"
  </LocationMatch>

and I'm trying to unlock the middleware (XYZ?Parameter=Whatever) by:

<LocationMatch "/XYZ.*">
    AuthType None
    Require all granted
</LocationMatch>

If I replace "/XYZ.*" by "/" the original rule gets overwritten so that the script can access the middleware but then SSO is disabled for the entire Site, of course. When keeping the "/XYZ.*" the SSO works on the entire Site but also on the middleware so that the ajax-call gets rejected with 401.

Does anyone know how I can get both to work?

I already tried to solve this using: , , Require expr etc.

Improve this question
Related questions
2
SVN (mod_dav) 403 FORBIDDEN OPTION request
0
how to capture URL as a variable and use it in the apache configuration file
0
SSO failing with Kerberos Authentication using apache. User is sent to ErrorDocument
Load 4 more related questions Show fewer related questions

0

Reset to default