CORS only working for one request

Question

I am making an API and so far the login POST request worked just fine

$http({
  url:'http://myurl/public/login',
  method:"POST",
  data:{usuario:$scope.usuario, password:$scope.password}
})
.then(function(response){
  //exito.

  if (response.data.status=="ok"||response.data.status==ok||response.data.status=='ok'){
    $cookies.put('jwtToken', response.data.token);
    $cookies.put('cliente_id', response.data.cliente_id);
    myNavigator.pushPage('components/inicio/inicio.html');
  }

})
.then(function(response){
  //fallo
  if (response.data.status=="error"||response.data.status==error||response.data.status=='error'){
  ons.notification.alert("Usuario y/o contraseña incorrecta");
}

I have no problem with the login, but when I try to do a GET request

 var cliente_id = $cookies.get('cliente_id');
$http({
 method:"GET",
 url:"http://myurl/public/informacion/"+cliente_id,
 headers:{'Authorization':'Bearer'+' '+ $cookies.get('jwtToken')}
 })
 .then(function(response){
 console.log(response.data);
 })
 .then(function(response){
  console.log("fallo");
  })

I get this error

Failed to load http://myurl/public/informacion/1376: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8000' is therefore not allowed access. The response had HTTP status code 500.

And I have this on my server

$app->add(function ($req, $res, $next) {
$response = $next($req, $res);
return $response
        ->withHeader('Access-Control-Allow-Origin', '*')
        ->withHeader('Access-Control-Allow-Headers', 'X-Requested-With, Content-Type, Accept, Origin, Authorization, token')
        ->withHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
  });

I read somewhere that for headers with Authorization I need OPTIONS and I do have it, so if someknows why is this happening to me, please help.

"The response had HTTP status code 500." — You need to debug your 500 error. — Quentin, Feb 23 '18 at 09:46
"I read somewhere that for headers with Authorization I need OPTIONS and I do have it" — The error message doesn't mention a preflight, so it doesn't appear to be an issue with the options request. — Quentin, Feb 23 '18 at 09:46
@jaime have you tried adding header('Access-Control-Allow-Credentials: true'); — Binit Ghetiya, Feb 23 '18 at 09:52
@BinitGhetiya Wait a sec I am trying, because I added some code, now login is not working either hahaha — Jaime Cuellar, Feb 23 '18 at 09:58
are you using chrome ? then try installing https://chrome.google.com/webstore/detail/cors-toggle/jioikioepegflmdnbocfhgmpmopmjkim?hl=en-GB — Binit Ghetiya, Feb 23 '18 at 10:06
@Quentin To be honest I am pretty noob to PHP, so i dont know how to debug 500 error — Jaime Cuellar, Feb 23 '18 at 10:07
just try to paste all below 4 lines in your root index.php file — Binit Ghetiya, Feb 23 '18 at 10:09
@JaimeCuellar — Good thing there is a duplicate question with lots of advice on that subject then. — Quentin, Feb 23 '18 at 10:11
Please read this answer: https://stackoverflow.com/a/48909182/1461181 — odan, Feb 23 '18 at 10:55

score 0 · Answer 1 · answered Feb 23 '18 at 09:43

0

I have also faced same issue for my PHP application so i have added below code in index.php file at top of the file

header("Access-Control-Allow-Origin: *");
header('Access-Control-Allow-Methods: GET, POST, OPTIONS, DELETE, PUT');
header('Access-Control-Allow-Headers: Origin, Content-Type, Accept, Authorization, X-Request-With');
header('Access-Control-Allow-Credentials: true');

Hope this will help. Thanks

answered Feb 23 '18 at 09:43

Binit Ghetiya

1,919
2
21
31

That won't help. Roughly equalivent code is already in the question, and there's a 500 error to contend with. – Quentin Feb 23 '18 at 09:47
Didnt work ... :l – Jaime Cuellar Feb 23 '18 at 10:05

CORS only working for one request

1 Answers1