2
votes

I know this was tackled so many times before. But I can see on the response that there is Access-Control-Allow-Origin on the header already.

This is my request code:

var req = {
  method: 'POST',
  url: "integration-api.domain.com/login",
  headers: {
    'Content-Type': 'application/x-www-form-urlencoded',
    'X-AN-WebService-IdentityKey': identitykey,
    'X-AN-WebService-CustomerAuthToken': customerAuth,
    'X-AN-WebService-CustomerTransientToken': transientToken,
    'Cache-Control': 'no-cache'
  },
  data: datatopass
};

console.log(datatopass);

return $http(req).then(function(response){
  console.log(response);
  return response.data;
}, function(err) {
  console.log(err);
  return err;
});

This is the request header when viewing on chrome:

Accept:/
Accept-Encoding:gzip, deflate, sdch, br
Accept-Language:en-US,en;q=0.8
Access-Control-Request-Headers:x-an-webservice-identitykey
Access-Control-Request-Method:POST
Cache-Control:no-cache
Connection:keep-alive
Host:integration-api.domain.com
Origin:http://OriginDomain
Pragma:no-cache
Referer:http://OriginDomain/apitest/
User-Agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36

Then the preflight response is:

Access-Control-Allow-Headers:x-an-webservice-identitykey, origin, content-type, x-an-webservice-customerauthtoken, x-an-webservice-deviceauthtoken,x-an-webservice-customertransienttoken,x-an-webservice-version
Access-Control-Allow-Origin:*
Date:Wed, 30 Nov 2016 06:56:50 GMT

Does the server needs to add Access-Control-Allow-Method or any other headers on the response or do I need to add something on my code?

I'm using angular.js to call an $http call to the url

1
how do you resolved the issueRavi MCA

1 Answers

1
votes

You need to allow method types as well

"Access-Control-Allow-Origin", "*";
'Access-Control-Allow-Methods', 'OPTIONS,GET,PUT,POST,DELETE";
"Access-Control-Allow-Headers", "X-Requested-With, Content-Type";

Please see this answer. Response to preflight request doesn't pass access control check in NodeJS