0

I am trying to perform test using apiary api as the following:

 $scope.createAsset = function () {
 $http({
    method: 'POST',
    url: 'http://polls.apiblueprint.org/createStory',
    headers: {'Access-Control-Allow-Origin': '*'}
});
}

Apiary:

FORMAT: 1A
HOST: http://polls.apiblueprint.org/
# BulBulTest
BulBulTest is a simple API for testing.

## Create story [/createStory]
### Create story [POST]

+ Response 200 (application/json)       
{
    "Status": "Story created sucessfully",
    "published_at": "2015-08-05T08:40:51.620Z",
    "publisher": "Johm Smith"
}

and I get error even after setting the allow-origin.

kittu
  • 6,662
  • 21
  • 91
  • 185
  • Well you are setting request headers, is the server responsing with proper response headers? – T J May 27 '16 at 11:02
  • 1
    The Access-Control-Allow-Origin header needs to be set via the server not the client. So there will be an OPTIONS request (aka the pre flight check). This request should respond with all the Access Control jazz. – David Jones May 27 '16 at 11:06
  • Please share the server side code. I don't think there is anything wrong at the client end. – Sampada May 27 '16 at 11:20

2 Answers2

2

You have a misunderstanding of CORS: The Access-Control-Allow-Origin header comes from the server, not the client. It's the server that decides whether to allow a cross-origin call.

There's nothing you can do in your client-side code to enable a cross-origin call if the server doesn't support it.

T.J. Crowder
  • 1,031,962
  • 187
  • 1,923
  • 1,875
  • I am using grunt server to run app locally – kittu May 27 '16 at 11:08
  • If you're running the server app locally then why you're making a request to `url: "http://headers.jsontest.com/"` your server files will be available in `http://localhost:/` – Vishwa May 27 '16 at 11:31
  • I want to create a test api using apiary – kittu May 27 '16 at 11:56
  • *"I am using grunt server to run app locally"* The server that grants access isn't **your** server, it's the `http://polls.apiblueprint.org` server. – T.J. Crowder May 27 '16 at 12:26
  • really? I guess its the problem of security that trying to access from local host to http site. What if I have my app loaded in to heroku or openshift and then try to access the apiary test api? – kittu May 27 '16 at 18:00
  • @Satyadev: Any *cross-origin* request (localhost -> apiary, heroku -> apiary, etc.) will be prevented by the Same Origin Policy unless the *server* receiving the request (apiary) allows requests from that origin. If their API is meant to be used from browsers, they should support CORS and/or provide a JSONP alternative. If it's not meant to be queried from browsers, they won't, and youll need to do the query from *your server* (servers aren't subject to the SOP). – T.J. Crowder May 28 '16 at 06:28
0

I don't think you have to set "Access-Control-Allow-Origin", but rather you might be missing some additional parameters since it is a POST call. If you have API method details then check what are the parameters required in "@RequestParams".Hope this might help.

Adarsh Niket
  • 1
  • 1
  • 2
  • Okay in that case can you just test this and tell me whether you are getting any response or not. `$http({ method: 'GET', url: 'http://polls.apiblueprint.org/questions' });` – Adarsh Niket May 27 '16 at 11:26
  • Ya its working, but when I use `http://polls.apiblueprint.org/createStory` it says not found in the browser – kittu May 27 '16 at 12:13
  • Okay then I think there is some error in "create story" url. Please check the url once again. – Adarsh Niket May 30 '16 at 06:41