just an additional comment: my use case is for a project that requires to run on multiple domains because it also involves a hybrid mobil application that will run on a mobile device - so server side I have this headers set:
"Access-Control-Allow-Origin", "*" "Access-Control-Allow-Methods", "POST,GET,OPTIONS" "Access-Control-Allow-Headers", "Content-Type, AuthToken" On Friday, June 13, 2014 12:17:08 PM UTC+2, Pelle Krøgholt wrote: > > Hi, > > I have some struggle to get authentication/token headers set on OPTIONS > preflight calls before a POST with angular.js. > > So my questions is: > > 1. should the service that I interact with allow all OPTIONS preflight > calls? > > or > > 2. do I simply implement the intercepter wrongly ? - based on interceptors > (https://docs.angularjs.org/api/ng/service/$http) and > http://www.html5rocks.com/en/tutorials/cors/ and > https://auth0.com/blog/2014/01/07/angularjs-authentication-with-cookies-vs-token > > i have this factory/config set up for my angular app: > > > myApp.factory('authInterceptor', function ($rootScope, $q, $window) { > return { > request: function (config) { > config.headers = config.headers || {}; > if ($window.sessionStorage.token) { > config.headers.AuthToken = $window.sessionStorage.token; > } > return config; > }, > response: function (response) { > if (response.status === 401) { > // handle the case where the user is not authenticated > } > return response || $q.when(response); > } > }; > }); > > myApp.config(function ($httpProvider) { > $httpProvider.interceptors.push('authInterceptor'); > console.log($httpProvider.defaults.headers.common); > }); > > this do not set a AuthToken on the OPTIONS preflight requests > > > hint/ suggests warmly welcomed! > > // > > pelle > > -- You received this message because you are subscribed to the Google Groups "AngularJS" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/angular. For more options, visit https://groups.google.com/d/optout.
