You need to handle the OPTIONS preflight request on your server, and it needs to return the correct Access-Control-Allow-* headers for the incoming request.
On Friday, June 13, 2014 3:17:08 AM UTC-7, Pelle Krøgholt wrote: > > Hi, > > I have some struggle to get authentication/token headers set on OPTIONS > preflight calls before a POST with angular.js. > > So my questions is: > > 1. should the service that I interact with allow all OPTIONS preflight > calls? > > or > > 2. do I simply implement the intercepter wrongly ? - based on interceptors > (https://docs.angularjs.org/api/ng/service/$http) and > http://www.html5rocks.com/en/tutorials/cors/ and > https://auth0.com/blog/2014/01/07/angularjs-authentication-with-cookies-vs-token > > i have this factory/config set up for my angular app: > > > myApp.factory('authInterceptor', function ($rootScope, $q, $window) { > return { > request: function (config) { > config.headers = config.headers || {}; > if ($window.sessionStorage.token) { > config.headers.AuthToken = $window.sessionStorage.token; > } > return config; > }, > response: function (response) { > if (response.status === 401) { > // handle the case where the user is not authenticated > } > return response || $q.when(response); > } > }; > }); > > myApp.config(function ($httpProvider) { > $httpProvider.interceptors.push('authInterceptor'); > console.log($httpProvider.defaults.headers.common); > }); > > this do not set a AuthToken on the OPTIONS preflight requests > > > hint/ suggests warmly welcomed! > > // > > pelle > > -- You received this message because you are subscribed to the Google Groups "AngularJS" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/angular. For more options, visit https://groups.google.com/d/optout.
