4

I'm getting a CORS header missing error. I can't modify the code of the back end web service, I can only change the client side application.

I can add the "Allow control allow origin" addon on google chrome but I don't want to install the add on all the clients to access the api. How can i change my AngularJS code so that I will not get this issue?

<script>
var app = angular.module('myApp', []);
app.controller('myCtrl', function ($scope, $http) {
    $http.get('url', {
        headers: { 'Authorization': 'Basic a2VybmVsc3B==' }
    })
        .then(function (response) {
            $scope.names = response.data;
        });
});
</script>
Vishnu S Babu
  • 1,570
  • 1
  • 12
  • 23
Swapna
  • 403
  • 3
  • 6
  • 24
  • your server should send that header telling about the allowed origins. – techie_28 Jan 02 '17 at 06:50
  • It's because of your have different API server, So you can add header `"Access-Control-Allow-Origin", "*"` in your back-end server. – Avnesh Shakya Jan 02 '17 at 06:51
  • 1
    im able to resove this issue by adding addon in google chrome , then y cant i write code in front end application for that for cors header missing – Swapna Jan 02 '17 at 06:54
  • @Swapna You don't have to worry about the addons. They are allowed to get the data like postman. They can fetch data without any cors error. – Jai Jan 02 '17 at 06:58
  • 3
    The only way you can do this is by using a proxy. ***All the suggestions to use jsonp will not work*** since jsonp does not support headers – charlietfl Jan 02 '17 at 07:28
  • what do u mean by proxy, i didn't get you – Swapna Jan 02 '17 at 07:29
  • 3
    a server side script on a server you control that makes a cURL request to remote api or a third party service. Do a web search – charlietfl Jan 02 '17 at 07:30
  • I'm just guessing here, but how would you know the Content type? Can you add an entry in headers like `'Content-Type': 'application/json; charset=utf-8'` ? – kreddyio Jan 02 '17 at 12:15

3 Answers3

2

As mentioned in the comments, you will have to use a proxy, or some sort of proxy. There is no way around this.

However, it is fairly straightforward: make the server that serves the angularjs application do the api call.

First, you have to understand what server and client is. Afterwards, you need to understand that your angularjs application is served from a server. Your angularjs application can make http requests to that server, which will in turn make the call to the api, and return the result to the client:

crudely drawn diagram

I am somewhat assuming a Node server is serving your angularjs application, but any server can do the same, it will be able to make the http request without being a cross origin request.

In your case, when you do the url call, instead, call the server that serves your application, and then, from that server, create a service that will call the external api.

Community
  • 1
  • 1
Félix Adriyel Gagnon-Grenier
  • 8,422
  • 10
  • 52
  • 65
  • 2
    finally a sane answer! – charlietfl Jan 02 '17 at 07:56
  • worth mentioning that there are third party proxy services also. Personally I don't like using no-name ones but that option does exist – charlietfl Jan 02 '17 at 08:02
  • good point. However I rarely (never) use those, hence I am a bit hesitant to explain about that. will update if I feel I can add something worthwhile – Félix Adriyel Gagnon-Grenier Jan 02 '17 at 08:05
  • I have used several different ones that Yahoo supported. One is dead , was called pipes and was pretty cool. The other YQL is still alive and can do a lot of different things....xml to json, html scraper , straight json retrieval among a few – charlietfl Jan 02 '17 at 08:07
0

I had the same error. Angular at front makes requests to backend. Nginx is the proxy. So I added this line to my nginx config 

location /database/ {
        add_header Access-Control-Allow-Origin *;
        <other_lines>
}

This solved my CORSs issue.

Taras Vaskiv
  • 2,215
  • 1
  • 18
  • 17
-1

if you are using IIS Web server please add below config to your web.config file.

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <httpProtocol>
            <customHeaders>
                <add name="Access-Control-Allow-Origin" value="*" />
            </customHeaders>
        </httpProtocol>
    </system.webServer>
</configuration>

If you dont have access to backend use $http.jsonp(url) instead of $http.get(url)

Hadi
  • 443
  • 3
  • 15