Why does the OPTIONS method ask for authorization and how to get around it?

P

Peter2016-02-16 14:37:48

JavaScript

Peter, 2016-02-16 14:37:48

The client is written in angular.js.
Services are on a different domain and headers are written in them

Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization

To get a token, a POST request is made. But to get data from the beginning, OPTIONS is sent.
The server asks the Authorization header with a token from the OPTIONS method, but since it is not there, it gives a 401 response and further requests do not go through.
What could be the problem?
How to remove OPTIONS or how to send Authorization header with token along with OPTIONS?

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

_

_ _, 2016-02-16
@AMar4enko

Preflight request cannot be removed for cross-domain requests. On the server, remove the OPTIONS methods from authorization.

M

MNB, 2016-02-16
@MNB

$httpProvider.withCredentials = true;installed?

A

Anton Shcherbakov, 2016-02-16
@WestTrade

Cross domain request. In .htaccess write:

<ifmodule mod_headers.c>
  Header always set Access-Control-Allow-Origin: "*"
  Header always set Access-Control-Allow-Methods "POST, GET, PUT, DELETE, OPTIONS"
  Header always set Access-Control-Allow-Headers "Content-Type, Authorization, X-Requested-With"
  Header always set Access-Control-Allow-Credentials "true"
</ifModule>

Customize Access-Control-Allow-Headers and Access-Control-Allow-Methods