-1

I have a CORS problem when I try to do a request to an external API. I tried to add the token to all requests like this:

    var dApp = angular.module("app", []);
    dApp.run(function($http) {
    $http.defaults.headers.common.Authorization =  'APP token=TOKEN';
    });

The Authorization string is defined as defined on API. If I check the headers of the request I can't see my string and the return code is 404 OPTIONS. I tried to do the request with Postman and it works.

It returns 404 but the error in the console is: Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://api.discogs.com/database/search?type=master&artist=The%20Strokes&format=album&callback=. (Reason: CORS header 'Access-Control-Allow-Origin' missing).

If I pass the token on the url it works, but only with GET and POST requests.

I already read the question Angular.js performs an options http request for CORS resource but I didn't found the solution for my problem

As you can see there aren't my headers

emattiazzi
  • 316
  • 1
  • 3
  • 11
  • A 404 means that the resource doesn't exist on the server. The URL is incorrect. – JB Nizet Mar 06 '16 at 13:41
  • I tried to do the request with Postman and it works. It returns 404 but the error in the console is: `Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://api.discogs.com/database/search?type=master&artist=The%20Strokes&format=album&callback=. (Reason: CORS header 'Access-Control-Allow-Origin' missing).` If I pass the token on the url it works, but only with GET and POST requests. – emattiazzi Mar 06 '16 at 13:45
  • Reading https://www.discogs.com/developers/, this API doesn't seem to support CORS. You should use JSONP to access the API. – JB Nizet Mar 06 '16 at 13:49
  • 1
    Then API is not CORS enabled. Since you need authorization for it you will have to use a proxy – charlietfl Mar 06 '16 at 13:50
  • Using a proxy is the right solution. Thanks! – emattiazzi Mar 06 '16 at 14:47

1 Answers1

1

You can do this for FireFox:

var xhr = new XMLHttpRequest({mozSystem: true});

However, the best way of doing this in Chrome I know about is by running the application with --disable-web-security, which is not good, since, besides the fact that it is insecure, you will have to tell your users to disable their web security, which is not really a good idea.

You can do it as follows:

  • you write a server-side API which gets the request parameters
  • the API will forward them to the third-party server
  • the API will send the response to the client-side
Lajos Arpad
  • 45,912
  • 26
  • 82
  • 148