I try to POST from my angular login service:
$http.post('https://xyz/login',
{
headers: {
'Content-type': 'application/json',
'Accept': 'application/json',
'signature': 'asd'
}
And I get this error:
XMLHttpRequest cannot load https://xyz/login. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:1337' is therefore not allowed access.
I tried this headers:
$httpProvider.defaults.useXDomain = true;
delete $httpProvider.defaults.headers.common['X-Requested-With'];
And also these:
"Access-Control-Allow-Origin": "*";
"Access-Control-Allow-Headers": "X-Requested-With";
"Access-Control-Allow-Methods": "GET, POST", "PUT", "DELETE";
The interesting thing, is that the POSTMAN works. What shoud I have to do?
Thanks.
Your request includes non-simple headers Content-type
and signature
which must be included in the response's Access-Control-Allow-Headers
header.
(Content-type
is sometimes a simple header, but only for particular values. application/json
is not one of those values, and it causes Content-type
to become non-simple.)
Add Content-type
to Access-Control-Allow-Headers
in your server's preflight response.
POSTMAN is not bound by the same-origin policy, so it does not require CORS support from the server.