AngularJS performs an OPTIONS HTTP request for a cross-origin resource => error 401

Question

I'm trying to use $resource to get datas from a REST web service.

here is my code :

    return $resource('http://serverURL', {}, {

                getQuartiers: {
                    method: 'GET',
                    headers:  {
                             'Authorization': 'Basic base64login:pseudostring',
                     },

                },


          });

The problem is that with headers like this, it's an option request that is send and i get an error 401 Unauthorized. If i remove headers, it's a GET request. But i need headers to send my Authorization string !

Otherwise the webservice is ok, either by going with chrome directly to the url => popup with login/pwd => correct datas at json format or by using postman chrome extension, which send a GET request.

What's the matter ?

your header request seems OK, I have used some thing like this in my web api project. I thing problem is with your web server and not with your JS codes. check your back end codes. — MRP
– MRP, Commented Dec 16, 2014 at 9:16
go check out Cors. w3.org/TR/cors. That's your problem atm. Its a preflight getting 401. — Marvin Smit
– Marvin Smit, Commented Dec 16, 2014 at 9:17
As using postman with an OPTION request works fine, i think it's not a server configuration problem !? — Thierry Mattray
– Thierry Mattray, Commented Dec 16, 2014 at 11:23

Mihai Dinculescu · Accepted Answer · 2014-12-16 09:21:12Z

1

You don't seem to be handling the preflight Options requests.

Your Web API needs to respond to the Options request in order to confirm that it is indeed configured to support CORS.

To handle this, all you need to do is send an empty response back.

This extra check was added to ensure that old APIs that were designed to accept only GET and POST requests will not be exploited. Imagine sending a DELETE request to an API designed when this verb didn't exist. The outcome is unpredictable and the results might be dangerous.

answered Dec 16, 2014 at 9:21

Mihai Dinculescu

20.1k8 gold badges59 silver badges70 bronze badges

Sign up to request clarification or add additional context in comments.

3 Comments

Thierry Mattray Over a year ago

I am not sureto understand...You talk about server config, isn't it ? Actually the server send response : Access-Control-Allow-Headers:Authorization Access-Control-Allow-Methods:GET Access-Control-Allow-Origin:* etc But it seems that my headers aren't correctly send :

Mihai Dinculescu Over a year ago

Yes, that's on the server side, API configuration.

Thierry Mattray Over a year ago

Usingpostman, the OPTION request header has this line : Authorization:Basic mystring Using my code, it is instead : Access-Control-Request-Headers:accept, authorization So i think my headers are not sent correctly !?

Collectives™ on Stack Overflow

AngularJS performs an OPTIONS HTTP request for a cross-origin resource => error 401

1 Answer 1

3 Comments

Your Answer

Hot Network Questions

Collectives™ on Stack Overflow

1 Answer 1

3 Comments

Your Answer

Sign up or log in

Post as a guest

Related