Thank you Jeff. Now I don't get the CORS errors anymore. But the difference between output of remote (http://tomaso.cz/get_token.html) and local ( http://localhost/~koubat/localtest/get_token.html) server is still there.
The console output for the remote (same as where the "API" is): accept-ranges "bytes" access-control-allow-credentials "true" access-control-allow-headers "x-account, accept, access-control-request-origin" access-control-allow-methods "GET,OPTIONS" access-control-allow-origin "*" content-length "0" content-type "text/html; charset=UTF-8" date "Thu, 22 May 2014 16:44:57 GMT" etag ""606a1-0-4f9c353bd0aea"" last-modified "Mon, 19 May 2014 16:33:45 GMT" server "Apache/2.2.15 (Scientific Linux)" x-token "1234567890" The one from localhost is much shorter: content-type "text/html; charset=UTF-8" last-modified "Mon, 19 May 2014 16:33:45 GMT" On Thu, May 22, 2014 at 6:18 PM, Jeff Hubbard <[email protected]> wrote: > > it does not contain the 'X-token' header. > > I don't see that header in the Access-Control-Allow-Headers header. You > won't be able to access said header, even if the server sends it back, > until that's fixed. > > > On Thursday, May 22, 2014 5:58:42 AM UTC-7, Tomas Kouba wrote: >> >> Hello, >> >> the API I'd like to use with angularjs uses token based authentication. >> I am trying to set up the CORS properly, but I am a bit lost. >> >> Can anybody please help me with the following example? >> >> The auth token is returned as a custom http header. In my example it is >> X-token header from http://tomaso.cz/token/token.html >> >> If my angularjs "app" is sitting at http://tomaso.cz/get_token.html >> (js code at http://tomaso.cz/app.js ) >> it works fine and I can print the token. >> >> If I want to launch the same code from localhost the browser (firefox >> 29.0) issues an OPTIONS method >> and gets (IMHO correct) headers: >> >> Access-Control-Allow-Origin: * >> access-control-allow-credentials: true >> access-control-allow-headers: x-account, accept, >> access-control-request-origin >> access-control-allow-methods: GET,OPTIONS >> >> >> After this the GET method is issued, but the angularjs "headers" object >> is empty (it does not >> contain the 'X-token' header. >> >> I have also tried to put the client on a different server than localhost >> and it does not work at all - the OPTIONS is >> issued but then browser complains: "Cross-Origin Request Blocked: The >> Same Origin Policy disallows reading the remote resource at >> http://tomaso.cz/token/token.html. This can be fixed by moving the >> resource to the same domain or enabling CORS." >> >> I think I have changed everything on the server side to switch CORS on. >> >> Thanks in advance for any suggestions. >> >> Cheers, >> Tomas >> > -- > You received this message because you are subscribed to a topic in the > Google Groups "AngularJS" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/angular/fNSu70g-Yy8/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > To post to this group, send email to [email protected]. > Visit this group at http://groups.google.com/group/angular. > For more options, visit https://groups.google.com/d/optout. > -- -- Tomáš Kouba -- You received this message because you are subscribed to the Google Groups "AngularJS" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/angular. For more options, visit https://groups.google.com/d/optout.
