I'm not very versed in angular or nodejs. But I think I had the same
problem and solved it by putting the server in the following code:
*server.js*
var allowCrossDomain = require('./config/allowCrossDomain');
app.use(allowCrossDomain);
*./config/allowCrossDomain.js*
module.exports = function(req, res, next) {
res.header('Access-Control-Allow-Origin', '*');
res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE');
res.header('Access-Control-Allow-Headers', 'Content-Type,
Authorization');
if ('OPTIONS' == req.method) {
res.send(200);
}
else {
next();
}
};
Salute!
[email protected]
2014-05-22 12:20 GMT-03:00 Tomas Kouba <[email protected]>:
> Hello,
> the Access-Control-Allow-* headers are send by the server (apache on
> tomaso.cz in this case).
>
> If anyone has an example of using an API against an existing server with
> working CORS it would help me a lot I think.
> Cheers,
> --
> Tomas
>
>
> On Thu, May 22, 2014 at 4:15 PM, Neil Camara <[email protected]>wrote:
>
>> Because those headers should be sent by the server and not the browser.
>>
>>
>> On Thursday, May 22, 2014 7:58:42 AM UTC-5, Tomas Kouba wrote:
>>>
>>> Hello,
>>>
>>> the API I'd like to use with angularjs uses token based authentication.
>>> I am trying to set up the CORS properly, but I am a bit lost.
>>>
>>> Can anybody please help me with the following example?
>>>
>>> The auth token is returned as a custom http header. In my example it is
>>> X-token header from http://tomaso.cz/token/token.html
>>>
>>> If my angularjs "app" is sitting at http://tomaso.cz/get_token.html
>>> (js code at http://tomaso.cz/app.js )
>>> it works fine and I can print the token.
>>>
>>> If I want to launch the same code from localhost the browser (firefox
>>> 29.0) issues an OPTIONS method
>>> and gets (IMHO correct) headers:
>>>
>>> Access-Control-Allow-Origin: *
>>> access-control-allow-credentials: true
>>> access-control-allow-headers: x-account, accept,
>>> access-control-request-origin
>>> access-control-allow-methods: GET,OPTIONS
>>>
>>>
>>> After this the GET method is issued, but the angularjs "headers" object
>>> is empty (it does not
>>> contain the 'X-token' header.
>>>
>>> I have also tried to put the client on a different server than localhost
>>> and it does not work at all - the OPTIONS is
>>> issued but then browser complains: "Cross-Origin Request Blocked: The
>>> Same Origin Policy disallows reading the remote resource at
>>> http://tomaso.cz/token/token.html. This can be fixed by moving the
>>> resource to the same domain or enabling CORS."
>>>
>>> I think I have changed everything on the server side to switch CORS on.
>>>
>>> Thanks in advance for any suggestions.
>>>
>>> Cheers,
>>> Tomas
>>>
>> --
>> You received this message because you are subscribed to a topic in the
>> Google Groups "AngularJS" group.
>> To unsubscribe from this topic, visit
>> https://groups.google.com/d/topic/angular/fNSu70g-Yy8/unsubscribe.
>> To unsubscribe from this group and all its topics, send an email to
>> [email protected].
>>
>> To post to this group, send email to [email protected].
>> Visit this group at http://groups.google.com/group/angular.
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
>
> --
> --
> Tomáš Kouba
>
> --
> You received this message because you are subscribed to the Google Groups
> "AngularJS" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To post to this group, send email to [email protected].
> Visit this group at http://groups.google.com/group/angular.
> For more options, visit https://groups.google.com/d/optout.
>
--
You received this message because you are subscribed to the Google Groups
"AngularJS" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/angular.
For more options, visit https://groups.google.com/d/optout.
