0

it logs

Refused to set unsafe header “Host”
Refused to set unsafe header “Access-Control-Request-Headers”
Refused to set unsafe header “Origin”

From what I've found from looking around is that Host, Origin,Access-Control-Request-Headers are automatically set by the browser for security reasons as mentioned in w3 headers

Is there a way to send the proper header information without resulting in these errors?

  • The only header you need set from Angular is `Authorization`. The rest (except for `Access-Control-Request-Headers` which is a server response header) are set by the client and not configurable – Phil Jun 02 '16 at 02:16
  • Also, `success()` and `error()` are [deprecated](https://docs.angularjs.org/api/ng/service/$http#deprecation-notice) – Phil Jun 02 '16 at 02:17
  • If I remove Origin from the header, it says Access-Control-Allow-Origin is not set in the response header and I can't read the response I get back from the server –  Jun 02 '16 at 03:09
  • How are you loading your app? It's not going to work via the `file:///` protocol. You'll need an HTTP server like [Express](http://expressjs.com/) – Phil Jun 02 '16 at 03:10
  • Actually, looking at the error, it seems the remote API may not be set up for CORS access. – Phil Jun 02 '16 at 03:21
  • When I pass Origin as a header, it doesn't log that error –  Jun 02 '16 at 03:39
  • But it does log the *"Refused to set unsafe header “Origin”"* error, right? – Phil Jun 02 '16 at 03:44

0 Answers0