2

I am trying to use the Aurelia HttpClient to call the TagniFi API on a different domain (and authenticating). The relevant code is:

return this._httpClient.createRequest(uri)
     .asGet()
     .withCredentials(true)
     .withHeader('Access-Control-Allow-Origin', 'localhost:9000')
     .withHeader('Authorization', 'Basic <my-key>')
     .send();

I do receive a status 200 from the API, but I get the following error:

Response to preflight request doesn't pass access control check: A >wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header >when the credentials flag is true. Origin 'http://localhost:9000' is >therefore not allowed access. The credentials mode of an XMLHttpRequest >is controlled by the withCredentials attribute.

I am not sure if this is a error in the way I am making the call or a bug in Aurelia. Any help is appreciated. Thanks.

sevenshadow
  • 21
  • 1

1 Answers1

2

The Access-Control-Allow-Origin is an header sent in the response by the server and in your case you use it in the request from the client.

It's not a bug in Aurelia but a misuse of CORS.

See this excellent answer for more information on CORS.

Community
  • 1
  • 1
Valentin B.
  • 255
  • 2
  • 8
  • Thanks Valentin, I appreciate your response. So, if I am understanding correctly, the issues is that the destination server that I am calling is not configured to return the Access-Control-Allow-Origin header. In other words, this isn't a bug in my code but an error in the configuration on the server? If it is an error in my code, please let me know if you have a suggested fix. Thanks. – sevenshadow Apr 01 '16 at 12:11