0

so I have this code

$http({
     'method': 'GET',
         'url': 'http://www.example.com',
         'withCredentials': true,
     headers: {
         'Content-type': 'application/json'
     }
 }).
 success(function (data, response, headers, status) {

});

This will return with the JSON array of records, well the http request is using credentials which is a JSESSIONID that use for every consecutive calls to the backend.

The problem is, it works on firefox but doesn't on chrome. So firefox does send the cookies containing the JSESSIONID but not chrome while I already set the withCredentials to true

Why does this happen?

Eka RudiAnto
  • 61
  • 3
  • 15
  • You tried debug the request, you sure what the "withCredentials" headers are sending correctly ? – Narek Mamikonyan Jul 11 '14 at 07:08
  • how do I make sure of that? @NarekMamikonyan – Eka RudiAnto Jul 11 '14 at 07:16
  • when you opening a chrome dev tools network section you can see the request headers and etc. – Narek Mamikonyan Jul 11 '14 at 07:17
  • yap actually this is the response header of credentials 'Access-Control-Allow-Credentials:true' but it does not send the JSESSIONID as firefox does – Eka RudiAnto Jul 11 '14 at 07:20
  • for your information chrome give this error 'XMLHttpRequest cannot load http://example.com/orders. The request was redirected to 'http://example.com/auth/login', which is disallowed for cross-origin requests that require preflight. ' @NarekMamikonyan – Eka RudiAnto Jul 11 '14 at 07:21

1 Answers1

0

This is the CORS exception, when you are trying to load data from another domain that giving you error, more about CORS.

And also check my answer how to enable CORS on angular js, but unfortunately your server also must enable CORS.

more about it

Community
  • 1
  • 1
Narek Mamikonyan
  • 4,601
  • 2
  • 24
  • 30
  • well actually the server is already set into CORS enable for every method.. do you know from angular side to enabling CORS ??? – Eka RudiAnto Jul 11 '14 at 12:34
  • check link in my answer http://stackoverflow.com/questions/24598187/error-when-accessing-localhost-api-in-chrome-neterr-insecure-response/24627487#24627487 – Narek Mamikonyan Jul 11 '14 at 12:59
  • I used your option and it is not working I think.. is $httpProvider configuration the same as $http ? @NarekMamikonyan – Eka RudiAnto Jul 12 '14 at 16:14
  • you sure what your server responding with same headers ? – Narek Mamikonyan Jul 12 '14 at 22:05
  • 1
    yap I'm pretty sure.. the different is that chrome does not send the JSESSIONID credentials like firefox... strange because I already set the access control with credentials to true... @NarekMamikonyan – Eka RudiAnto Jul 13 '14 at 07:57