CODEWITHSUNDEEP
javascriptangularjsweb-servicesrestcors
Thierry Mattray
Thierry Mattray

Reputation: 41

AngularJS performs an OPTIONS HTTP request for a cross-origin resource => error 401

I'm trying to use $resource to get datas from a REST web service.

here is my code : 

    return $resource('http://serverURL', {}, {

                getQuartiers: {
                    method: 'GET',
                    headers:  {
                             'Authorization': 'Basic base64login:pseudostring',
                     },

                },


          });

The problem is that with headers like this, it's an option request that is send and i get an error 401 Unauthorized. If i remove headers, it's a GET request. But i need headers to send my Authorization string !

Otherwise the webservice is ok, either by going with chrome directly to the url => popup with login/pwd => correct datas at json format or by using postman chrome extension, which send a GET request.

What's the matter ?

Upvotes: 2

Views: 2055

Answers (1)

Mihai Dinculescu
Mihai Dinculescu

Reputation: 20033

You don't seem to be handling the preflight Options requests.

Your Web API needs to respond to the Options request in order to confirm that it is indeed configured to support CORS.

To handle this, all you need to do is send an empty response back.

This extra check was added to ensure that old APIs that were designed to accept only GET and POST requests will not be exploited. Imagine sending a DELETE request to an API designed when this verb didn't exist. The outcome is unpredictable and the results might be dangerous.

Upvotes: 1

Related Questions