-1

I'm doing an HttpPost and is giving to me error 401 but I've searched a lot on StackOverflow and I guess my call is OK, but the problem is when I execute this HttpPost on my ARC if I do not put the authorization: user:password it will popup a message saying this :

enter image description here

And I have to put it manually, BUT even if I do this :

enter image description here

It will pop up the Authentication required.

And it automatically changed to something like

authorization: Basic JvbnyZpZpzZWNTcHNQX=

And now, the code looks like this :

My headers 

 private headers = new Headers({ 'Content-Type': 'application/x-www-form-urlencoded' });
 private apiUrl = 'https://myApiTest/oauth/token';




var auth = "Basic " + Base64.encode("test:test");//Also have tried to copy the hexgenerated by ARC
    this.headers.append('authorization', auth);
    var body = 'grant_type=password&username=test@test.com&password=test';
     return new Promise((resolve, reject) => {
      this.http.post(this.apiUrl,body, {
            headers: this.headers
          })
        .subscribe(res => {
          alert(res.json());
          resolve(res.json());
        }, (err) => {
          reject(err);
          console.log(err);
        });
    });

And this is the error given by console

XMLHttpRequest cannot load https://myApiTest/oauth/token. Response for preflight has invalid HTTP status code 401 OPTIONS https://myApiTest/oauth/token 401 ()

EDIT

I've build it on my Android and it works fine seems like a problem with Google Chrome, I've found to use this : C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --user-data-dir="C:/Chrome dev session2" --disable-web-security but I'd like to use other way.

Skizo-ozᴉʞS ツ
  • 19,464
  • 18
  • 81
  • 148

2 Answers2

2

My initial guess would be that the API doesn't allows a cross domain request(CORS) More on CORS -> CORS

You might need to add middle ware to your API to allow CORS There might be some headers to set here If you are using a node API you might wanna set headers.

res.header('Access-Control-Allow-Origin', '*'); res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,OPTIONS');

Sumit Dhameja
  • 141
  • 2
  • 9
0

You need to enable CORS.

In your server (https://myApiTest) and also your client requests.

Finally, I do not recommend you to disable the browser security, that should be your last resort.

Cheers!

Antonio Saco
  • 1,620
  • 12
  • 21
  • On my server is set I guess, as I said when I run this on my Android device it works the only problem is when I do "ionic serve" it says the : XMLHttpRequest cannot load https://myApiTest/oauth/token. Response for preflight has invalid HTTP status code 401 OPTIONS https://myApiTest/oauth/token 401 (), so how do I enable cors on my client request? adding `Access-Control-Allow-Origin "*"`? I did already and doesn't work. – Skizo-ozᴉʞS ツ Aug 02 '17 at 10:01
  • You are missing the `Origin header` in your client request – Antonio Saco Aug 02 '17 at 10:06
  • Something like this? `this.headers.append('Access-Control-Allow-Origin', '*');` – Skizo-ozᴉʞS ツ Aug 02 '17 at 10:11
  • `Access-Control-Allow-Origin` is server-side. For your client request: `this.headers.append('Origin': 'https://myApiTest');` if is not added automatically. – Antonio Saco Aug 02 '17 at 10:19
  • `http.es5.js:1256 Refused to set unsafe header "Origin"` – Skizo-ozᴉʞS ツ Aug 02 '17 at 10:33
  • Have you checked this: http://blog.ionic.io/handling-cors-issues-in-ionic/ – Antonio Saco Aug 02 '17 at 11:46