i have a question regarding CORS requests with HTTP Authorization header:
It seems to me that web browser is not sending Authorization header with POST request, is there any way around this?
Here is my Angular code:
var app = angular.module('app', [])
.config(['$httpProvider', function($httpProvider) {
$httpProvider.defaults.useXDomain = true;
delete $httpProvider.defaults.headersmon['X-Requested-With'];
}]);
app.controller('ctrl', function ($scope, $http) {
$scope.insert = function () {
$http.post('',
{
headers: {
'Authorization': 'Basic dGVzdDp0ZXN0',
'Content-Type': 'application/x-www-form-urlencoded'
},
data: {
'Code': 'test data'
},
withCredentials: true
});
};
});
On server side i have this in my web.config
<httpProtocol >
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Headers" value="Cache-Control, Pragma, Origin, Authorization, Content-Type, X-Requested-With" />
<add name="Access-Control-Allow-Methods" value="GET,POST,PUT,DELETE,OPTIONS" />
<add name="Access-Control-Allow-Credentials" value="true" />
</customHeaders>
</httpProtocol>
i have a question regarding CORS requests with HTTP Authorization header:
It seems to me that web browser is not sending Authorization header with POST request, is there any way around this?
Here is my Angular code:
var app = angular.module('app', [])
.config(['$httpProvider', function($httpProvider) {
$httpProvider.defaults.useXDomain = true;
delete $httpProvider.defaults.headers.common['X-Requested-With'];
}]);
app.controller('ctrl', function ($scope, $http) {
$scope.insert = function () {
$http.post('http://my.api.com/Insert',
{
headers: {
'Authorization': 'Basic dGVzdDp0ZXN0',
'Content-Type': 'application/x-www-form-urlencoded'
},
data: {
'Code': 'test data'
},
withCredentials: true
});
};
});
On server side i have this in my web.config
<httpProtocol >
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Headers" value="Cache-Control, Pragma, Origin, Authorization, Content-Type, X-Requested-With" />
<add name="Access-Control-Allow-Methods" value="GET,POST,PUT,DELETE,OPTIONS" />
<add name="Access-Control-Allow-Credentials" value="true" />
</customHeaders>
</httpProtocol>
- did u find a solution for that ? – Diaa Saada Commented Aug 26, 2015 at 7:38
2 Answers
Reset to default 11You're using the $http.post incorrectly. The second parameter is the data you need to send to server, you cannot set headers like this. In your case, it will send the whole object
as JSON payload
Try this:
$http({
url:'http://my.api.com/Insert',
method:"POST",
headers: {
'Authorization': 'Basic dGVzdDp0ZXN0',
'Content-Type': 'application/x-www-form-urlencoded'
},
data: {
'Code': 'test data'
}
});
withCredentials - {boolean} - whether to to set the withCredentials flag on the XHR object. See requests with credentials for more information.