0

Update: Two things: One, I was issuing the POST requests for jQuery and Angular from two different domains. I created a jsfiddle to test both requests from the same domain, and they both work. I tried to make the fiddle pretty general so that you can swap out the config values and test an XML POST request with basic http authentication for any site that you need to. The other thing is that, using the Angular $http service, the Data-Type header results in the following error: Request header field Data-Type is not allowed by Access-Control-Allow-Headers in preflight response. So I removed that header. I'm still troubleshooting why the request is working from one domain and not the other. Once I figure that out, I'll update and mark as resolved. /update

The following jQuery POST request with basic authentication works as expected:

var mapstory = {
  xml: '<?xml version="1.0" encoding="UTF-8"?> <wfs:Transaction xmlns:wfs="http://www.opengis.net/wfs" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" service="WFS" version="1.0.0" xsi:schemaLocation="http://www.opengis.net/wfs http://schemas.opengis.net/wfs/1.0.0/wfs.xsd"> <wfs:Update xmlns:feature="http://www.geonode.org/" typeName="geonode:dja_remote_service_edit_test"><ogc:Filter xmlns:ogc="http://www.opengis.net/ogc"><ogc:FeatureId fid="garbage_id" /></ogc:Filter></wfs:Update></wfs:Transaction>',
  url: 'https://demo.mapstory.org/geoserver/wfs/WfsDispatcher',
  auth: authToken //base64 encoded string of 'user:password'
};

$.ajax({
  url: mapstory.url,
  beforeSend: function(xhr) {
    xhr.setRequestHeader("Authorization", "Basic " + mapstory.auth);
  },
  type: 'POST',
  contentType: 'text/html',
  dataType: 'xml',
  processData: false,
  data: mapstory.xml,
  success: function(data) {
    console.log(data);
  }
});

Here are the response headers:

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Origin,Content-Type,Accept, Authorization, x-requested-with
Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE
Allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS
Connection: keep-alive
Content-Length: 0
Date: Fri, 01 Jul 2016 21:06:50 GMT
Server: nginx
access-control-allow-origin: http://localhost:8888

However, the following in AngularJS (v1.2.21) doesn't work:

var mapstory = {
  xml: '<?xml version="1.0" encoding="UTF-8"?> <wfs:Transaction xmlns:wfs="http://www.opengis.net/wfs" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" service="WFS" version="1.0.0" xsi:schemaLocation="http://www.opengis.net/wfs http://schemas.opengis.net/wfs/1.0.0/wfs.xsd"> <wfs:Update xmlns:feature="http://www.geonode.org/" typeName="geonode:dja_remote_service_edit_test"><ogc:Filter xmlns:ogc="http://www.opengis.net/ogc"><ogc:FeatureId fid="garbage_id" /></ogc:Filter></wfs:Update></wfs:Transaction>',
  url: 'https://demo.mapstory.org/geoserver/wfs/WfsDispatcher',
  auth: authToken //base64 encoded string of 'user:password'
};

var config = {
  withCredentials: true
};

config.headers = {
  'Authorization': 'Basic ' + mapstory.auth,
  'Content-Type': 'text/html',
  'Data-Type': 'xml'
};

$http.post(mapstory.url, mapstory.xml, config)
.success(function(data) {
  console.log(data);
});

I receive the following response headers from this request:

Content-Language: en
Content-Type: text/xml;charset=UTF-8
Date: Fri, 01 Jul 2016 20:52:13 GMT
Server: WSGIServer/0.1 Python/2.7.11
Vary: Accept-Language, Cookie
X-Frame-Options: SAMEORIGIN

I get a valid XML response from the Angular request above, but the response indicates that the request wasn't authorized.

I tried swapping out the Content-Type value with application/xml, but this didn't have any effect on the result.

I've read through the Angular $http documentation and approached a number of other resources, such as this Stack Overflow question which describes a similar issue. A recommended solution is to remove the X-Requested-With default header. This step is apparently not necessary in Angular versions above 1.2 (here's a closed issue for that on Angular's Github), but I tried it anyhow. No luck.

Any guidance on this would be wonderful. Thank you very much for taking the time to read and consider this!

Community
  • 1
  • 1
Darin
  • 109
  • 2
  • 1
    How do the request headers differ? If you are getting two different responses, they ***must*** differ in some way, and that should be a pretty good clue as to what is missing. – Kevin B Jul 01 '16 at 22:19

1 Answers1

-1

It looks like the server does not recognize angular as a same domain application. So what you must do is to include in the web server headers the value: access-control-allow-origin: * to allow requests from "outside" domains.

Gabriel Gonzalez Disla
  • 1
  • 2