3

I am having a nightmare trying to implement whitelisting for url's that are loading into ng-include cross domain.

I have an include which works fine locally:

<div ng-include="'http://test-domain.com/framework/includes/main-menu.html'"></div>

I then have the whitelist added like so... 

angular.module('myApp', ['ngRoute','ngResource'])
.config(function($sceDelegateProvider) {
  $sceDelegateProvider.resourceUrlWhitelist([
    // Allow same origin resource loads.
    'self',
    // Allow loading from our assets domain.  Notice the difference between * and **.
    'http://test-domain.com/framework/includes/**'
  ]);
});

But i am still getting 'XMLHttpRequest cannot load' errors across all browsers. This is driving me insane, is there a way around this? Am i missing something else to get this to work cross-domain? Please help. Thanks

Pascal Ockert
  • 984
  • 5
  • 10
user2815016
  • 51
  • 1
  • 5
  • 5
    Does the server correctly set the CORS headers (http://en.wikipedia.org/wiki/Cross-origin_resource_sharing), esp. `Access-Control-Allow-Origin`? Otherwise, the browser will refuse to load the file because of the same origin policy. Try the `--disable-web-security` command line switch in chrome for a quick test. If that fixes the problem, it's because of the CORS headers. – mnemosyn Feb 16 '14 at 00:11
  • @mnemosyn I somehow have never heard of that switch.. but it's imprinted on my brain now. Thanks! @user2815016, that allow origin header is the most important, but also make sure `Access-Control-Allow-Methods` has at minimum a value of `"GET, POST". Wikipedia is actually a great source for an approach to this: http://en.wikipedia.org/wiki/Cross-origin_resource_sharing – Brian Vanderbusch Feb 16 '14 at 00:45
  • Thank you, thank you, thank you :) it works so is the server :) that switch is well handy! Saved me more hours of banging my head. – user2815016 Feb 16 '14 at 14:56
  • possible duplicate of [AngularJS performs an OPTIONS HTTP request for a cross-origin resource](http://stackoverflow.com/questions/12111936/angularjs-performs-an-options-http-request-for-a-cross-origin-resource) – Paul Sweatte Jan 29 '15 at 16:11

0 Answers0