1

I send an angularjs $http post request to a java backend:

var url = 'http://192.168.88.245:9000/dologin';
$http.post(url, 
            {
                "email" : "admin@admin.com",
                "password" : "1"
            }, 
            {
                withCredentials: true
            }
        )

In response i get this error:

OPTIONS http://192.168.88.245:9000/dologin 
(index):1 XMLHttpRequest cannot load http://192.168.88.245:9000/dologin. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost' is therefore not allowed access. The response had HTTP status code 404.

But when i use Advanced Rest Client extension for chrome and sending same request with it, Server send 200 OK. This is the header in rest extension response:

Response headers 
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Credentials: true
Content-Type: application/json; charset=utf-8 
Access-Control-Max-Age: 300
Content-Length: 1181

What is the difference in this two situations?

Cœur
  • 37,241
  • 25
  • 195
  • 267
Morteza
  • 2,097
  • 5
  • 28
  • 47
  • request can only be sent to the same host, i think you are running your script on `localhost` and sending request to `192.168.88.245:9000` – Muhammad Bilal Mar 30 '15 at 10:36
  • @madforstrength Yes i'm on localhost. But why the extension can send that request but $http can't? – Morteza Mar 30 '15 at 10:37
  • Answers to this question may help: http://stackoverflow.com/questions/10636611/how-does-access-control-allow-origin-header-work – Steven Wexler Mar 30 '15 at 10:41
  • @madforstrength that's not correct, enabling CORS allows you to access x-domain, and without CORS enabled even sending request to same domain but different port is treated as x-domain i.e. post from localhost:80 to localhost:81 Morteza I think you might have misconfigured backend, what java be are you using? – maurycy Mar 30 '15 at 10:43
  • @madforstrength Ok i'll read that. We use play framework. – Morteza Mar 30 '15 at 10:47
  • In that case check this: http://stackoverflow.com/questions/22144788/enable-cors-in-java-play-framework-2-2-x – maurycy Mar 30 '15 at 10:48
  • @maurycy our java developer says that these configurations are set in play framework. – Morteza Mar 30 '15 at 10:50
  • I think somethink is wrong in angularjs post, Because of `OPTIONS` word is red in console (i have written it in error: `OPTIONS http://192.168.88.245:9000/dologin`) – Morteza Mar 30 '15 at 10:54
  • Is there a chance that cache is involved? Did you tried incognito/private mode? – maurycy Mar 30 '15 at 10:54
  • @maurycy No. Tested in opera, firefox and chrome's incognito. – Morteza Mar 30 '15 at 10:57
  • I've checked the Advanced Rest Client, and it's not sending `OPTIONS` request, are you sure you return `200 OK` for those requests? – maurycy Mar 30 '15 at 10:59
  • @maurycy Yes. Even we changed something in response of server and we recieved it in Rest Client's response. – Morteza Mar 30 '15 at 11:02
  • maybe check this: http://stackoverflow.com/questions/20525178/http-options-request-gets-completely-ignored-by-play-route-config – maurycy Mar 30 '15 at 11:03
  • @maurycy We have set these options in play. When Rest extension recives response with correct headers, I think problem should be in angularjs. – Morteza Mar 30 '15 at 11:11
  • 1
    One last question: with advanced rest client you did both requests? I mean `OPTIONS` and `POST`? – maurycy Mar 30 '15 at 11:15
  • @maurycy Oh, Problem is this. I didn't know that `OPTIONS` is a request type. But why type of request is options when i wrote `$http.post()` ?! – Morteza Mar 30 '15 at 11:22
  • angularjs (and probably other frameworks too) do an `OPTIONS` request before i.e. POST, so in the OPTIONS response they receive list of which type can be done `Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE` if the POST is on list then it will do the request, in `Advanced Rest Client` you can choose to send `OPTIONS` request, do the same request you did for `POST` and see the output, my guess is that `OPTIONS` aren't properly configured on your server side – maurycy Mar 30 '15 at 11:28
  • @maurycy Aha. Thanks alot man! If you write this in an "answer", I'll made it green. :) – Morteza Mar 30 '15 at 11:31

1 Answers1

2

angularjs (and probably other frameworks too) do an OPTIONS request before i.e. POST, so in the OPTIONS response they receive list of methods that can be done

Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE

if the POST is on the list then it will do the request, in Advanced Rest Client you can choose to send OPTIONS request, do the same request you did for POST and see the output, my guess is that OPTIONS aren't properly configured on your server side and when you do POST request with Advanced Rest Client it omits the OPTIONS step that fails for angular

maurycy
  • 8,455
  • 1
  • 27
  • 44