(NodeJS / AngularJS) POST request with 'x-auth' token to server, but token seems to get lost in preflight (no error though)

Question

Background

I have a simple NodeJS server hosted on localhost/Heroku which handles JWT authentication for adding data to the registered user amongst other (unrelated) things.

Here's the GitHub: https://github.com/mlee93dev/pw-keychain-server

I also have a simple Angular2 client on localhost/Heroku for this server:

https://github.com/mlee93dev/pw-keychain-app

Currently, I have my JWT access tokens configured to last only 5 seconds in my server for development purposes.

I have my CORS stuff configured to the best of my knowledge as shown below in server.js:

CORS configuration pic

The Problem

On Postman I test the POST request and I get the expected response - a JWT expiration error:

Postman POST pic

However I don't get the same response on my client - rather, I get a 'JWT must be provided' error:

Client POST pic

As you can see in the pic above, I know I'm actually attaching a token as I console.log it. Here's a pic of the code:

Client POST code pic

So what's confusing me more is that my DELETE request (for logging out) also implements the same x-auth token to request code, and it works in both Postman + client, as seen here:

DELETE error response

DELETE code

So yeah, I'm pretty confused. My guess is I have to configure my CORS some more to allow x-auth header on POST requests specifically somehow? Even though I think it should do that already with my current configuration.

Answer 1

You are providing the body in post request instead of headers. Angular POST request

So in your post request just do the following

this.http.post(yoururl, {},{headers:new Headers({'x-auth':token})})... And it should work.