2

I am using following code to get the location details from the google API.

My code :

 if (navigator.geolocation) {
    navigator.geolocation.getCurrentPosition(function(position){
      $scope.$apply(function(){
        $http.get('http://maps.googleapis.com/maps/api/geocode/json?latlng='+position.coords.latitude+','+position.coords.longitude+'&sensor=true').then(function(res){
          alert(res.data);
        });


      });
    });
  }

When I try this code I am getting the Cross domain Error.

My Error:

XMLHttpRequest cannot load http://maps.googleapis.com/maps/api/geocode/json?latlng=8.5663029,76.8916023&sensor=true. Request header field Authorization is not allowed by Access-Control-Allow-Headers in preflight response.

Please suggest to solve this issue

Improve this question
3
  • You have to add authorization header first. your request should be $http.jsonp or do method: 'JSONP' Commented Feb 4, 2016 at 10:09
  • Request header field Authorization is not allowed - the problem could be that ?something? is adding a request header Authorization ... google doesn't like that, it seems ... CORS is not usually an issue with that API call Commented Feb 4, 2016 at 10:13
  • @ParthTrivedi You have to add authorization header first ... the problem is the existence of the Authorization header!! not the lack of it Commented Feb 4, 2016 at 10:29

3 Answers 3

Reset to default
2

You're sending an Authorization header ... which causes a CORS preflight check, and google doesn't like the Authorization header

you need to remove this header from the API call

see if this helps

$http.get("your long url", {headers: {Authorization: undefined}})

obviously I've replaced the actual url for readability

I've also seen the following suggestion

$http( {
     method: 'GET',
     url: 'someurl',
     headers: {
       'Authorization': undefined
     }
   }
 )

so, rather than using the $http.get "shortcut", use $http "general" request format

Improve this answer
Sign up to request clarification or add additional context in comments.

14 Comments

oh it seems problem with this. hmm
@ParthTrivedi - what are you trying to say? I don't understand, sorry
you are right.problem with passing header that is not mentioned in OP's code.
@ParthTrivedi that is not mentioned - it is mentioned in the CORS error message, that's how I know which one to remove :p
To solve the cross domain issue do we need to pass headers: {Authorization: null} ?
|
2

I had the same issue; I was using the satellizer module for authentication. https://github.com/sahat/satellizer

As it says on the FAQ section: "How can I avoid sending Authorization header on all HTTP requests?"

I did:

$http({
  method: 'GET',
  url: 'your google api URL',
  skipAuthorization: true  // `Authorization: Bearer <token>` will not be sent on this request.
});

And it solved my problem; maybe you are using a third party module that modifies the header.

Improve this answer

Comments

-1

I can't answer in the threat of the response i want, but

Maybe your are using Interceptors in your AngularJS application, so your request is modified some time later after your configure the:

{headers: { Authorization: null } }

I'm doing more research to overcome this. I'll post my finds later.

[Edit] Wed Jul 13 2016 21:38:03 GMT-0500 (CDT) [/Edit]

My solution to this, is going with straight Javascript, in that way my petition does not is intercepted by Interceptors from the $http Service and does not have the Authorization header.

So, maybe this help someone.

Cheers!

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.