
Access-Control-Allow-Origin:* not being recognized by Angular.js $http

I'm developing a JavaScript app to control some smart TVs, but Angular preflights with an OPTIONS request before trying the POST request (SOAP) I'm trying to send. The devices return a response with a proper Access-Control-Allow-Origin: * but Angular refuses to send the POST request.

Of course, I can't change the configuration of the device's server to send another header Angular "needs", and I need to send a Cookie and Content-Type.

How can I work around this?


UPDATE with a screenshot of request (bottom) and response (top) headers.



UPDATE with related angular code:

App is configured with:

app.config(['$httpProvider',function($httpProvider) {
    $httpProvider.defaults.withCredentials = true;
}])

The request is:

var body = '<?xml version="1.0"?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:X_SendIRCC xmlns:u="urn:schemas-sony-com:service:IRCC:1"><IRCCCode>{command}</IRCCCode></u:X_SendIRCC></s:Body></s:Envelope>';
var headers = {
    "Content-Type": "text/xml; charset=UTF-8",
    "SOAPACTION": "urn:schemas-sony-com:service:IRCC:1#X_SendIRCC"
};
return $http({
    method:"POST",
    url: "http://{ip}/sony/IRCC".replace("{ip}", config.ip),
    data: body.replace("{command}", signal),
    headers: headers
});

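The OPTIONS are only fetched if your browser doesn't already know them, so if you can load something from the server beforehand (usually not via SOAP), for example by including an invisible image, your browser should already know the options and not need to request them again.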

I believe your problem is withCredentials. When you use withCredentials, the server must indicate that it allows credentials. In a simple GET request that doesn't require preflighting, the browser is supposed to keep any such response from your app; in a preflighted request, it should not send the actual request.

Here is the best description, at Mozilla: https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Requests_with_credentials

It says:

but the browser will reject any response that does not have the Access-Control-Allow-Credentials: true header, and not make the response available to the invoking web content

If you look at the preflight response, you see the headers:

Access-Control-Allow-Headers: "content-type,soapaction"
Access-Control-Allow-Origin: "*"

But the required Access-Control-Allow-Credentials header is not there.
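
The check the browser applies to a preflight response, as an added example that is not part of the original answer. It goes slightly beyond the answer by also covering the rule that a credentialed request does not accept a wildcard Access-Control-Allow-Origin. The function name, the origin value and the sample objects are assumptions constructed from the headers quoted above.

```javascript
// Evaluate a CORS preflight response against the request that triggered it.
// Response header names are expected in lower case.
function checkPreflight({ origin, withCredentials, requestHeaders }, responseHeaders) {
  const problems = [];
  const allowOrigin = responseHeaders['access-control-allow-origin'];
  const allowCreds = responseHeaders['access-control-allow-credentials'];
  const allowHeaders = (responseHeaders['access-control-allow-headers'] || '')
    .split(',').map(h => h.trim().toLowerCase()).filter(Boolean);

  if (withCredentials) {
    // Credentialed mode: "*" is not accepted, the origin must be echoed exactly.
    if (allowOrigin !== origin) {
      problems.push(`Access-Control-Allow-Origin must be "${origin}", got "${allowOrigin}"`);
    }
    // The value is compared literally with the string "true".
    if (allowCreds !== 'true') {
      problems.push('Access-Control-Allow-Credentials: true is missing');
    }
  } else if (allowOrigin !== '*' && allowOrigin !== origin) {
    problems.push(`origin "${origin}" is not allowed`);
  }

  // Every non-safelisted request header must be listed; "*" in
  // Access-Control-Allow-Headers only counts for non-credentialed requests.
  const wildcardOk = !withCredentials && allowHeaders.includes('*');
  for (const h of requestHeaders.map(h => h.toLowerCase())) {
    if (!allowHeaders.includes(h) && !wildcardOk) {
      problems.push(`request header "${h}" is not allowed`);
    }
  }
  return problems;
}

// Constructed sample: the preflight response headers quoted in the answer.
const TV_PREFLIGHT_RESPONSE = {
  'access-control-allow-origin': '*',
  'access-control-allow-headers': 'content-type,soapaction'
};
// Constructed sample: the request from the question; the origin is a placeholder.
const SOAP_REQUEST = {
  origin: 'http://localhost:8000',
  withCredentials: true,
  requestHeaders: ['Content-Type', 'SOAPACTION']
};

console.log(checkPreflight(SOAP_REQUEST, TV_PREFLIGHT_RESPONSE));
console.log(checkPreflight({ ...SOAP_REQUEST, withCredentials: false }, TV_PREFLIGHT_RESPONSE));
```

With withCredentials set, the device's response fails on two counts; without it, the same response passes the preflight check.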
