Restangular crossdomain request. What I do wrong?

About

Asked 20/3, 2014 at 8:6 Answered 28/3, 2014 at 5:19

Solved angularjs cross-domain cors restangular cross-domain-policy

I have domain sub.example.com with configured restangular:

RestangularProvider.setDefaultHeaders({
    'Content-Type': 'application/json',
    'X-Requested-With': 'XMLHttpRequest'
});
RestangularProvider.setDefaultHttpFields({
    'withCredentials': true
});

Then I'm building other factory via:

return Restangular.withConfig(function(RestangularProvider) {
    RestangularProvider.setBaseUrl('http://api.example.com');
});

And, obviously, getting error No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://sub.example.com' is therefore not allowed access.. How should I configure server/client to get working crossdomain requests?

// upd

I'm using Yii on backend and sending next header
header('Access-Control-Allow-Origin: *', true);

Gunshy answered 20/3, 2014 at 8:6 Comment(1)

Your server-side header doesn't seem to be correct: the key and value pair are both in the key side - so the mapping doesn't mean anything. (Access-Control-Allow-Origin, "*") see enable-cors.org/server_apache.html – Exciting 28/3, 2014 at 3:53

I've found solution.

At first, when using credentials - we can't use * for Access-Control-Allow-Origin. Then, XHR sends OPTIONS request that should be handled well and send CORS headers.

// scheme required, here can be multiple origins concatenated by space if using credentials
header('Access-Control-Allow-Origin: http://sub.example.com');
header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE');
header('Access-Control-Allow-Headers: Accept, X-Requested-With');
// without credentials we can use * for origin
header('Access-Control-Allow-Credentials: true');
header('HTTP/1.1 200 OK', true);

Then we can simply use crossdomain ajax requests.

Gunshy answered 28/3, 2014 at 5:19 Comment(5)

Thanks for the follow up. I am encountering the exact same issue. – Groveman 28/3, 2014 at 5:20

@ChuckConway np. Glad to see that my answer helped somebody. – Gunshy 28/3, 2014 at 7:25

Very lost with how do I set this? – Theoretician 15/4, 2014 at 5:19

I'm guessing this is some API side PHP. – Cumulus 4/6, 2014 at 10:20

@AJ_83 anywhere in your backend before any headers are sent. – Gunshy 28/5, 2015 at 7:34

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags