0

I have a decoupled front-end and back-end. When I press submit button in front-end I would like to send POST http request to the server.

Code for submit:

$scope.onSave = function () {
        $http.post('http://localhost:3000/documents', { user: $scope.user, formData: $scope.formData }, function (response) {
            $scope.isSaved = true;
            console.log(response);
            if (response.success) {
                console.log("It has been successfully saved!")
            }
        });
}

Then, I get an error saying

XMLHttpRequest cannot load http://localhost:3000/documents. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:3001' is therefore not allowed access. The response had HTTP status code 404.

What is an error here? I cannot really figure it out.

Another question: Let's say I'm logged in to this website. How do I get a USER info(like username or email) from the website. Do I access a URL header to get this info? When I send POST request, I need to send USER_ID as a param to successfully post data to the server.

Kahsn
  • 1,045
  • 3
  • 15
  • 25

1 Answers1

0

You should allow crossdomain access on serverside (CORS).

Rudolf Manusachi
  • 2,311
  • 2
  • 19
  • 25
  • Would this cause any kind of security loop hole? And can you give an example how to allow CORS in javascript? – Kahsn Apr 17 '16 at 23:51
  • if you use javascript on serverside (node.js) you can make something like this http://stackoverflow.com/a/29921446/2542172 – Rudolf Manusachi Apr 17 '16 at 23:54
  • So I don't need to do anything on the front end but on server side right? And do you happen to know how to allow in Ruby on Rails? That's what I'm using for the server. – Kahsn Apr 18 '16 at 00:03
  • @Kahsn just answered on your question in other post http://stackoverflow.com/a/36683562/2542172 – Rudolf Manusachi Apr 18 '16 at 00:15