1

I am trying to write HTTP post request in AngularJS.

Sending POST request to https://api.att.com/oauth/token.

Following is the code snippet:

$scope.getToken = function () {
    /*alert('in get token');*/
    if($http({
        method:'POST',
        url:'https://api.att.com/oauth/token',
        headers:{
            'Content-Type':'application/x-www-form-urlencoded',
            'Accept':'application/json'
        },
        params: {
            'client_id':'myclientid',
            'client_secret':'mysecret',
            'grant_type':'client_credentials',
            'scope':'SPEECH'
        }
    }

Error in Chrome:

XMLHttpRequest cannot load https://api.att.com/oauth/token?client_id=d3m1zlqukeyjctt5jj69jicwx4hxlpz9&…zzwjdrvf3cugiiaycxbujqkwjfze782&grant_type=client_credentials&scope=SPEECH. Origin http://localhost:8383 is not allowed by Access-Control-Allow-Origin.

Works fine with a temporary workaround: chrome.exe --disable-web-security .

Is there any other way in client side to solve this problem because I don't have any control on the server side?

Mika Sundland
  • 18,120
  • 16
  • 38
  • 50
monish
  • 153
  • 1
  • 2
  • 10
  • http://learn.jquery.com/ajax/working-with-jsonp/ – Jamie Dixon May 29 '14 at 10:46
  • 5
    I hope you didn't just post your real login-credentials on an open webpage. – ivarni May 29 '14 at 10:53
  • I edited your question to redact the credentials...review before posting! – tymeJV May 29 '14 at 11:53
  • The damage is already done. You should request new credentials. – JJJ May 29 '14 at 11:53
  • 1
    Editing doesn't help. The full history of the post is visible. The credentials, if they were real, are compromised and should be changed. – ivarni May 29 '14 at 11:53
  • It will all depend on what the api.att.com site allows. Your request is failing because your origin is not allowed to make that request. The fact that it works when you disable Chrome's web security indicates that Chrome is preflighting your request and the preflight is failing. Check your headers and make sure all are in accord with making a [simple cross origin request](https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Simple_requests) – J.Wells May 29 '14 at 13:23

0 Answers0