Angular POST cross origin error while POSTMAN works

user3712353 picture user3712353 · Dec 23, 2015 · Viewed 13.7k times · Source

I try to POST from my angular login service:

$http.post('https://xyz/login',
            {
                headers: {
                    'Content-type': 'application/json',
                    'Accept': 'application/json',
                    'signature': 'asd'
                }

And I get this error:

XMLHttpRequest cannot load https://xyz/login. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:1337' is therefore not allowed access.

I tried this headers:

$httpProvider.defaults.useXDomain = true;
delete $httpProvider.defaults.headers.common['X-Requested-With'];

And also these:

"Access-Control-Allow-Origin": "*";
"Access-Control-Allow-Headers": "X-Requested-With";
"Access-Control-Allow-Methods": "GET, POST", "PUT", "DELETE";

The interesting thing, is that the POSTMAN works. What shoud I have to do?

Thanks.

Answer

apsillers picture apsillers · Dec 23, 2015

Your request includes non-simple headers Content-type and signature which must be included in the response's Access-Control-Allow-Headers header.

(Content-type is sometimes a simple header, but only for particular values. application/json is not one of those values, and it causes Content-type to become non-simple.)

Add Content-type to Access-Control-Allow-Headers in your server's preflight response.

POSTMAN is not bound by the same-origin policy, so it does not require CORS support from the server.