0

I have an angular app running from my local host and trying to access a REST URL in another domain via POST. I am sending 'Content-Type' and 'Authorization' headers in the http request. So I guess due to the Authorization header this request get a OPTIONS check.

These are my Request Headers

Accept:/
Accept-Encoding:gzip, deflate, sdch
Accept-Language:en-US,en;q=0.8
Access-Control-Request-Headers:authorization,content-type
Access-Control-Request-Method:POST
Connection:keep-alive
Host:tmatxx101:8080
Origin:http://localhost:4200
Referer:http://localhost:4200/search
User-Agent:Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36

These are my Response Headers

Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:content-type,accept,authorization
Access-Control-Allow-Methods:GET,POST,PUT,DELETE,OPTIONS
Access-Control-Allow-Origin:http://localhost:4200
Access-Control-Max-Age:1800
Content-Length:0
Date:Thu, 18 May 2017 12:49:06 GMT
Set-Cookie:JSESSIONID=199td8fal1ak21ix0kgjljrqgp;Path=/bpm;HttpOnly

and the General section

Request URL:http://tmatxx101:8080/bpm/rest/process/start/xxxxxx.bpm.xpdl/xxxxx/1.0.0.20170517150430523
Request Method:OPTIONS
Status Code:401 There is no Security Context in the HTTP Session
Remote Address:172.16.35.84:8080
Referrer Policy:no-referrer-when-downgrade

Also the console contains an error
Response for preflight has invalid HTTP status code 401

My doubt is that since the Response headers contains Access-Control-Allow-Origin and localhost, I should be able to access the method , but I still get that error

Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:content-type,accept,authorization
Access-Control-Allow-Methods:GET,POST,PUT,DELETE,OPTIONS
Access-Control-Allow-Origin:http://localhost:4200

Is there anything that I should do on the Angular code to make this work or should I be contacting the server team for this. My Angular code is as follows

 const headers = new Headers({'Content-Type': 'application/xml', 'Authorization':'Basic xxxx'});

this.http.post(url, jsonRequest, {headers: headers})
     .subscribe(
       (response: Response) => {
         console.log(response.json());
       }
     );
Jeenson Ephraim
  • 551
  • 2
  • 9
  • 24

2 Answers2

1

In Chrome at the end of the url address bar there is an icon where you can unblock unsafe content. I think its because its https trying to get a non http api calls.

Tyrone Moodley
  • 3,442
  • 1
  • 15
  • 16
-1

Try setting withCredentials to true. For example:

this.http.post(url, jsonRequest, {headers: headers, withCredentials: true})
 .subscribe(
   (response: Response) => {
     console.log(response.json());
   }
 );

BTW: the request has no Authorization header.

Edit: actually I don't think that will help, the server is probably returning a 401. I don't think this is a CORS issue. Perhaps we're missing some code.

Bart
  • 769
  • 1
  • 5
  • 9