3

I was trying to access api running in localhost using angular $resourses, chrome console gives me error saying ERR_INSECURE_RESPONSE.

I tried disabling web security in chrome. still same error. here is the angular factory that i used. How can I bypass this error and test my app.

    ImpactPortal.factory('apiFactory', function ($resource) {
    return $resource('https://localhost:8443/mifosng-provider/api/v1/client_impact_portal', {}, {
        query: {
            method: 'GET',
            params: {},
            isArray: true
        }
    })
});
Channa
  • 3,267
  • 7
  • 41
  • 67

4 Answers4

6

Enabling CORS in Angular.js 

var myApp = angular.module('myApp', [
    'myAppApiService']);

myApp.config(['$httpProvider', function($httpProvider) {
        $httpProvider.defaults.useXDomain = true;
        delete $httpProvider.defaults.headers.common['X-Requested-With'];
    }
]);

A server supporting CORS must respond to requests with several access control headers:

Access-Control-Allow-Origin: "*"

By default, CORS requests are not made with cookies. If the server includes this header, then we can send cookies along with our request by setting the withCredentials option to true.

Access-Control-Allow-Credentials (optional)

If we set the withCredentials option in our request to true, but the server does not respond with this header, then the request will fail and vice versa.

Narek Mamikonyan
  • 4,601
  • 2
  • 24
  • 30
2

Only try this:

Go to https://[your-domain].com and then chrome block you with the famous page:

Your connection is not private

So go down to ADVANVCED and then proceed.

Your certificate is probably self-signed.

Remember to do that for each Chrome session.

Shayan Amani
  • 5,787
  • 1
  • 39
  • 40
1

You must authenticate first and then send each request along with the auth token.

I am using RestAngular so my settings might look a little different from what you are working on.

This will go in your application config :-

RestangularProvider.setDefaultHeaders({ 'X-Mifos-Platform-TenantId': 'default' });

and something like this will go in your controller/service

var login = Restangular.all('authentication?username=mifos&password=password').post().then(function(user) {
   console.log(user);
 }, function() {
  console.log("There was an error saving");
 });
Avik
  • 1,170
  • 10
  • 25
-2

Error 501 (net::ERR_INSECURE_RESPONSE) - 501 Not Implemented

The server either does not recognize the request method, or it lacks the ability to fulfill the request. Usually this implies future availability (e.g., a new feature of a web-service API).

Can you confirm that curl request is working fine

curl -k --user damien@email.com:password https://localhost:8443/mifosng-provider/api/v1/client_impact_portal

If it is working fine:

ImpactPortal.factory('apiFactory', function ($resource) {
    return $resource('https://localhost:8443/mifosng-provider/api/v1/client_impact_portal', {}, {
        query: {
            method: 'JSONP',
            params: {},
            isArray: true
        }
    })
});

Try following this tutorial that consume an external API: http://www.toptal.com/angular-js/a-step-by-step-guide-to-your-first-angularjs-app

v2solutions.com
  • 1,439
  • 9
  • 8
  • thanks for the detailed reply. But my problem is that when using localhost api only. it works fine with urls mentioned in that tutorial. firefox gives an error saying "Cross-Origin Request Blocked: This can be fixed by moving the resource to the same domain or enabling CORS." – Channa Jul 07 '14 at 16:22
  • CORS is blocked in browser side that won't allow AJAX to request data from another domain. You can add crossdomain.xml like this http://stackoverflow.com/questions/20442628/cors-jquery-ajax-request or http://stackoverflow.com/questions/213251/can-someone-post-a-well-formed-crossdomain-xml-sample Or the workaround for AJAX Cross-Domain is JSONP: http://stackoverflow.com/questions/3506208/jquery-ajax-cross-domain but the API should support this kind of request. – v2solutions.com Jul 08 '14 at 06:36