Because those headers should be sent by the server and not the browser. On Thursday, May 22, 2014 7:58:42 AM UTC-5, Tomas Kouba wrote: > > Hello, > > the API I'd like to use with angularjs uses token based authentication. > I am trying to set up the CORS properly, but I am a bit lost. > > Can anybody please help me with the following example? > > The auth token is returned as a custom http header. In my example it is > X-token header from http://tomaso.cz/token/token.html > > If my angularjs "app" is sitting at http://tomaso.cz/get_token.html > (js code at http://tomaso.cz/app.js ) > it works fine and I can print the token. > > If I want to launch the same code from localhost the browser (firefox > 29.0) issues an OPTIONS method > and gets (IMHO correct) headers: > > Access-Control-Allow-Origin: * > access-control-allow-credentials: true > access-control-allow-headers: x-account, accept, access-control-request-origin > access-control-allow-methods: GET,OPTIONS > > > After this the GET method is issued, but the angularjs "headers" object is > empty (it does not > contain the 'X-token' header. > > I have also tried to put the client on a different server than localhost > and it does not work at all - the OPTIONS is > issued but then browser complains: "Cross-Origin Request Blocked: The > Same Origin Policy disallows reading the remote resource at > http://tomaso.cz/token/token.html. This can be fixed by moving the > resource to the same domain or enabling CORS." > > I think I have changed everything on the server side to switch CORS on. > > Thanks in advance for any suggestions. > > Cheers, > Tomas >
-- You received this message because you are subscribed to the Google Groups "AngularJS" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/angular. For more options, visit https://groups.google.com/d/optout.
