1

I am consuming a JWT-based API. I am passing the Authorization header correctly (I mean in the code), using headers.set('Authorization', 'token'), and I am using the correct method, which is GET.

When I serve the application (using Ionic 3), I get the error 405 (Method Not Allowed), but the same request works when I use POSTMAN or paste the code snippet (generated from POSTMAN) into the console.

Here are two captures: the working request (using the code snippet from POSTMAN in the console) and the non-working request (from the Ionic app).

By the way, there is something weird about the authorization; I highlighted it in red.

Not working request

Working request

VenomBerry
  • Not a duplicate, but may be related: https://stackoverflow.com/questions/39408413/http-post-how-to-send-authorization-header In addition, you need to prepend "Bearer " to the header, rather than just use the token. – Michael Berry Apr 12 '18 at 11:03
  • I am using the bearer – VenomBerry Apr 12 '18 at 11:03
  • I suspect that it's a CORS issue since you're seeing an options request. Have a look at the link above and see if that helps. – Michael Berry Apr 12 '18 at 11:04
  • When I use the code snippet from Postman, it works. xhr.open("GET", "http://xx.xxx.xx.xx:8080/api/clients"); xhr.setRequestHeader("Authorization", "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ1c2VybmFtZSIsImlzcyI6Im15LWF3ZXNvbWUtd2Vic2l0ZS5jb20iLCJyb2xlIjoiYWRtaW4iLCJpYXQiOjE1MjE4MTI5NjN9.n418jsAmjsLNt99GoQIOzKFyK3MaMrWm77ovxJtNNDc"); – VenomBerry Apr 12 '18 at 11:07
  • Yes, but a browser isn't Postman. Browsers don't work by firing off the exact request you tell them - if the resource isn't from the same origin, then it has to go through a process of discovering what it can do with an options request first, before it makes the *actual* request you want. In your example it's the options method that's failing, hence it'll never send the GET request. See here for more info: http://restlet.com/company/blog/2015/12/15/understanding-and-using-cors/ – Michael Berry Apr 12 '18 at 11:19
  • OK, what's the solution? – VenomBerry Apr 12 '18 at 11:21
  • You either need to move the server side component to the same domain so you don't get into CORS issues, or fix whatever is causing the options request to fail server side. – Michael Berry Apr 12 '18 at 11:23
  • By the way, I am using the CORS plugin. Doesn't that change anything? – VenomBerry Apr 12 '18 at 11:29
  • Nope, there's no magic way to get around the options request on a cross domain call - it's there for security reasons. The plugin may well handle that transparently for you (if it works), but if the server can't respond to that options request correctly, then you can't make the cross domain call. – Michael Berry Apr 12 '18 at 12:23

2 Answers

1

If it is not a CORS issue, you could try the following code:

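    // Requires: import { HttpClient, HttpHeaders } from '@angular/common/http';
    // Runs inside a service method where `this.http` is the injected HttpClient.
    const httpOptions = {
      headers: new HttpHeaders()
        .set('Authorization', 'Bearer ' + this.auth_token)
    };

    return this.http.get('http://xxxxxx00x:8080/api/clients', httpOptions);
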
Ehasanul Hoque
0

On the top screen the request method is OPTIONS, not GET, and the response from the server is 405 Method Not Allowed, not 401 Unauthorized or 403 Forbidden. So the problem is not authorization but the request method. Looks like a CORS issue.

sylwester
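
The preflight behaviour discussed in the comments and answers above, as an added example that is not part of the original thread: a server-side handler that answers the OPTIONS preflight before checking the token, beside one that returns 405 as in the question. The allowed origin (`http://localhost:8100`), the `req` shape and the placeholder token check are assumptions.

```javascript
// Added example, not code from the thread. Origin, request shape and token check are assumed.
const ALLOWED_ORIGINS = new Set(['http://localhost:8100']); // assumed Ionic dev-server origin
const ALLOWED_METHODS = ['GET'];
const ALLOWED_HEADERS = ['authorization'];

function corsHeaders(origin) {
  // Echo only allow-listed origins; Vary keeps caches from mixing per-origin responses.
  return ALLOWED_ORIGINS.has(origin)
    ? { 'Access-Control-Allow-Origin': origin, 'Vary': 'Origin' }
    : {};
}

function authorize(req, headers) {
  // Placeholder check: a real server verifies the JWT signature and claims here.
  const auth = req.headers.authorization || '';
  return auth.startsWith('Bearer ') && auth.length > 7
    ? { status: 200, headers } : { status: 401, headers };
}

// Behaviour seen in the question: the route only knows GET, so the preflight gets 405.
function brokenHandler(req) {
  if (req.method !== 'GET') return { status: 405, headers: {} };
  return authorize(req, {});
}

// Fixed: answer the preflight before any auth check, because the browser
// sends no Authorization header on the OPTIONS request.
function fixedHandler(req) {
  const cors = corsHeaders(req.headers.origin);
  const wantedMethod = req.headers['access-control-request-method'];
  if (req.method === 'OPTIONS' && wantedMethod) {
    const wantedHeaders = (req.headers['access-control-request-headers'] || '')
      .split(',').map(h => h.trim().toLowerCase()).filter(Boolean);
    const ok = Boolean(cors['Access-Control-Allow-Origin'])
      && ALLOWED_METHODS.includes(wantedMethod)
      && wantedHeaders.every(h => ALLOWED_HEADERS.includes(h));
    if (!ok) return { status: 403, headers: {} };
    return { status: 204, headers: { ...cors,
      'Access-Control-Allow-Methods': ALLOWED_METHODS.join(', '),
      'Access-Control-Allow-Headers': ALLOWED_HEADERS.join(', ') } };
  }
  if (req.method !== 'GET') return { status: 405, headers: cors };
  return authorize(req, cors); // the real GET still needs a valid Bearer token
}
```

Both handlers take a plain object with `method` and lower-cased `headers`, which matches how Node's `http` module exposes incoming requests.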