AngularJS remove `x-csrf-token` in $http.get

Question

I'd like to make a call to a 3rd party API using $http . However, it's including a x-csrf-token in the request which I believe is throwing off the request.

var req = {
    method: 'GET',
    url: url,
    headers: {
        'Authorization': 'Token <token>'
    }
}
return $http(req)

However, I'm getting the following error:

Failed to load URL : Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin ' http://localhost:5000 ' is therefore not allowed access.

When I look at the request, it's being sent as OPTIONS . Is the issue that I'm sending the x-csrf-token in the header and I need to remove it? Or am I missing something else? How can I successfully make this GET request?

Answer 1

Your request seems to be correct. However, it appears that the API you try to call doesn't accept Cross Origin Resource Sharing.

This is not an AngularJS issue, but a server one.

If the API is yours, add a CORS policy.

If the API is something like Google, Spotify or whatever, don't forget to register your URL as accepted domain.