AngularJS authenticates against server side using REST, and gets the JSESSIONID cookie. In the next step I am trying to get some JSON data from server side using REST along with the session cookie gained in the previous step. Here is the client-side code:
getSomeJSONDataFromServer:function() {
var deferred = $q.defer();
$http({
method: 'POST',
withCredentials: true,
url: "http://domain.name/app/someURL",
headers:{
'Accept':'application/json',
'Content-Type':'application/json; charset=utf-8',
'Access-Control-Request-Headers': 'X-Requested-With, content-type, accept, origin, withcredentials'
}
})
.success(function(data, status, headers, config) {
// handle data
})
.error(function(data, status, headers, config) {
// handle error
});
return deferred.promise;
}
The code above works OK:
The problems start when I send some data in the above POST request body.
...
$http({
method: 'POST',
withCredentials: true,
url: "http://domain.name/app/someURL",
headers:{
'Accept':'application/json',
'Content-Type':'application/json; charset=utf-8',
'Access-Control-Request-Headers': 'X-Requested-With, content-type, accept, origin, withcredentials'
},
data: '{}'
})
.success(...
The above code fails in the prelight request:
Looks like the server starts a new session because the session cookie is not sent for some reason. Anyway, I feel like I am missing something really simple, some header or something like that... Any ideas are appreciated. Thanks in advance.
Amir,
Allow me to help you and others clearly understand what is expected when dealing with CORS, as such:
This SIMPLE version clearly IS NOT your case...
This PREFLIGHTED version clearly IS your case...
Requests with Credentials clearly IS your case as well...