0

In my Angular 10 app I'm sending a get request with a token in its header to ApiGateway. ApiGateway is responsible for redirecting the request to the right service in my backend.

I'm trying to handle a case where the token that is sent isn't valid. In this case the backend should return error 401 - Unauthorized Access. ApiGateway converts the 4XX errors from my backend to 302 response and should redirect the customer to the login page.

However, the browser of the customer isn't redirected and I'm getting server return code 0 :

Server returned code : 0, error message is : Http failure response for https://orig-api-url: 0 Unknown Error

The following function used for capturing http errors:

  private handleError(err: HttpErrorResponse) {
    let errorMessage = '';
    if (err.error instanceof ErrorEvent) {
      errorMessage = `An error occurred : ${err.error.message}`;
    } else {
      errorMessage = `Server returned code : ${err.status}, error message is : ${err.message}`;
    }
    console.error(errorMessage);
    return throwError(errorMessage);
  }

I understand that the browser does the redirection for me but why the client's browser isn't redirected? When I send the api request directly via the browser (and not via my Angular app) I'm redirected successfully.

In my network trace I see both the orig api request and the redirection response that returns text/html and status 200. Then why does my Angular app receives status code 0 (CORS issue maybe?) ? Do I need to handle it somehow in the code ?

The following solution suggested to return to the customer the 401 error and then handle the redirect (router navigate) in the code. I don't want to replace the 302 because I want to redirect users without token to the login page.

halfer
  • 19,824
  • 17
  • 99
  • 186
JeyJ
  • 3,582
  • 4
  • 35
  • 83
  • Your browser gets redirected because it interprets the HTTP status code how it was designed to. If you want your application to do the same, you have to do the same as the browser would do: If you receive a 302, redirect the user to the URL mentioned in the `Location` header. Also, just for the sake of completeness: HTTP status code `3xx` is not an error, it is a redirection (https://en.wikipedia.org/wiki/List_of_HTTP_status_codes#3xx_redirection). – Smutje Nov 16 '20 at 11:50
  • Yes I know that 3xx is redirection. My problem is that for some resources i want the browser to handle the redirection (like it does..) and for others (api calls to backend) it should return it to the app. Is that possible ? – JeyJ Nov 16 '20 at 12:01
  • I am not sure if Angular allows you to selectively not handle requests with a certain HTTP status code and pass them on to the browser instead – Smutje Nov 16 '20 at 12:03
  • I'm trying to handle a situation where the browser does the redirection but returns html text of the dest page to my angular app, instead of redirecting the entire page and displaying it – JeyJ Nov 16 '20 at 12:03
  • That sounds weird, how should your browser be able to return HTML to Angular? Is your Angular app calling an HTTP endpoint of your browser? – Smutje Nov 16 '20 at 12:06
  • my angular app sends an api call to one of my microservices. The microservice returns 401 error because the token that was sent isnt valid. ApiGateway convert any 401 errors to 302 response and redirect the login page. When I call the api directly from browser everything works fine. This happens when angular call the api for me.. – JeyJ Nov 16 '20 at 12:09
  • Wait, your ApiGateway does a redirection and returns the HTML code of the redirection result to your Angular app, am I understanding that correctly? – Smutje Nov 16 '20 at 12:14
  • thats how it seems, yes. I'm not sure that api gateway is the root cause here. When I try to access the api endpoint manually (just type the url in the browser) without any token, everything works fine - the backend returns 404, apigateway converts it to 302 and I'm redirected to my login page. This whole issue happens when the angular app sends the api request. When angular does the request, it gets in a response status code 0, so maybe it is related to cors ? I'm not sure. – JeyJ Nov 16 '20 at 12:41
  • Not sure if I understand it correctly. But if you want to react to different status codes, take a look at [this](https://stackoverflow.com/a/37052710/5547717) – yannh Nov 16 '20 at 19:43

0 Answers0