2

I'm making some changes in an AngularJS web app (version 1.3). For ajax calls I use $http. All requests are cross-origin, so I use CORS headers in all responses from the server.

My problem is that, for some unexplainable reason, all CORS headers are cut when I monitor them in Chrome (the same for Firefox), but I see them in the Fiddler response. It happens for requests with status code >= 400. So all requests with status code 200 have CORS headers in the response.

In Fiddler I see:

Access-Control-Allow-Headers: Origin, Content-Type, Accept, Cache-Control
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS
Access-Control-Allow-Origin: *
Connection: keep-alive

But in browser I see:

Connection: close

This is the cause of $http always returning 0 as a status code. In Angular 1.4.0 $http was rewritten and this works properly even without CORS headers, but I can't update the Angular library now.

Does anybody face the same problem?

  • What are you using as a HTTP server? Apache? – MinusFour Aug 20 '15 at 15:04
  • Tried both IIS8 and node server (http://stackoverflow.com/questions/6084360/using-node-js-as-a-simple-web-server) – Andrey Losikhin Aug 20 '15 at 15:09
  • And how are you adding the CORS headers? – MinusFour Aug 20 '15 at 15:13
  • API assumes control over this question. I don't know how, sorry. Anyway, I tried to send the same request from my home PC. Everything works fine there. It's really strange. I think some settings are broken. Windows... – Andrey Losikhin Aug 20 '15 at 15:23
  • IIS8 should have its own 400 response which I think you can modify to include CORS headers. On node.js you'll also have to explicitly send those headers for your 400 response. Anyway, why do you need to have CORS on 400 response codes? – MinusFour Aug 20 '15 at 15:28

2 Answers

2

I've found a couple of gotchas when trying to receive a 400 status code over a CORS enabled connection.

An AJAX POST request from A to B will result in two requests to B. First a preflight request using OPTIONS method. And if the preflight is successful then the POST request will be made.

When A sends the OPTIONS request to B, B must answer with all the CORS headers and a status code 200. (200 is important!)

When A sends the POST request to B, B must again answer with all the CORS headers; this time the status code is not important to CORS and you can use any fitting status code you need.

Firefox console is great at telling you what specifically failed in your CORS request; make sure you have all the different filters off.

Jonas Äppelgran
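The two responses described in this answer, as an added example that is not part of the original answer: a handler with the `(req, res)` signature of Node's `http.createServer` that sets the CORS headers before any branching, so the preflight gets 200 and error responses still carry the headers. The header values are those from the question's Fiddler capture; the `route` table, the `/items` path and the `simulate` helper are hypothetical.

```javascript
// CORS headers applied to every response, including 4xx errors.
// Values copied from the Fiddler capture in the question.
// Note: browsers do not accept the "*" origin on credentialed requests.
const CORS_HEADERS = {
  'Access-Control-Allow-Origin': '*',
  'Access-Control-Allow-Methods': 'GET, PUT, POST, DELETE, OPTIONS',
  'Access-Control-Allow-Headers': 'Origin, Content-Type, Accept, Cache-Control',
};

// Hypothetical route table: returns {status, body} for the actual request.
function route(method, url) {
  if (url === '/items' && method === 'GET') return { status: 200, body: { items: [] } };
  if (url === '/items' && method === 'POST') return { status: 400, body: { error: 'validation failed' } };
  return { status: 404, body: { error: 'not found' } };
}

// Usable as http.createServer(handler) in a real server.
function handler(req, res) {
  // Set CORS headers first so no error path can skip them.
  for (const [name, value] of Object.entries(CORS_HEADERS)) res.setHeader(name, value);

  if (req.method === 'OPTIONS') {
    // Preflight: always 200 with an empty body, whatever the route would return.
    res.statusCode = 200;
    res.end();
    return;
  }
  const { status, body } = route(req.method, req.url);
  res.statusCode = status;
  res.setHeader('Content-Type', 'application/json');
  res.end(JSON.stringify(body));
}

// Constructed stand-in for http.ServerResponse so the handler runs without a socket.
function simulate(method, url) {
  const res = {
    statusCode: 0, headers: {}, body: '',
    setHeader(name, value) { this.headers[name] = value; },
    end(data) { this.body = data || ''; },
  };
  handler({ method, url }, res);
  return res;
}

// Constructed sample requests: preflight, failing POST, unknown path.
for (const [m, u] of [['OPTIONS', '/items'], ['POST', '/items'], ['GET', '/missing']]) {
  const r = simulate(m, u);
  console.log(m, u, '->', r.statusCode, r.headers['Access-Control-Allow-Origin']);
}
```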
0

I ran into the same problem. Make sure that the "Cache-Control" header is only set to "no-cache". If "no-store" is set, you will maybe not see the response of requests >= 400 in the console of Chrome.

saschanos