OPTIONS request are by no means an AngularJS bug, this is how Cross-Origin Resource Sharing standard mandates browsers to behave. Please refer to this document: https://developer.mozilla.org/en-US/docs/HTTP_access_control, where in the “Overview” section it says: The Cross-Origin Resource Sharing standard works by adding new HTTP headers that allow servers to describe the set of origins that are … Read more
You are running into CORS issues. There are several ways to fix/workaround this. Turn off CORS. For example: how to turn off cors in chrome Use a plugin for your browser Use a proxy such as nginx. example of how to set up Go through the necessary setup for your server. This is more a … Read more
Try adding the following middleware to your NodeJS/Express app (I have added some comments for your convenience): // Add headers before the routes are defined app.use(function (req, res, next) { // Website you wish to allow to connect res.setHeader(‘Access-Control-Allow-Origin’, ‘http://localhost:8888’); // Request methods you wish to allow res.setHeader(‘Access-Control-Allow-Methods’, ‘GET, POST, OPTIONS, PUT, PATCH, DELETE’); // … Read more
Note: Make sure to read the UPDATE at the bottom. The original answer includes a “lazy” implementation of the CORS filter With Jersey, to handle CORS, you can just use a ContainerResponseFilter. The ContainerResponseFilter for Jersey 1.x and 2.x are a bit different. Since you haven’t mentioned which version you’re using, I’ll post both. Make … Read more
Origin null is the local file system, so that suggests that you’re loading the HTML page that does the load call via a file:/// URL (e.g., just double-clicking it in a local file browser or similar). Most browsers apply the Same Origin Policy to local files by disallowing even loading files from the same directory … Read more
mode: ‘no-cors’ won’t magically make things work. In fact it makes things worse, because one effect it has is to tell browsers, “Block my frontend JavaScript code from seeing contents of the response body and headers under all circumstances.” Of course you never want that. What happens with cross-origin requests from frontend JavaScript is that … Read more
This is a part of security, you cannot do that. If you want to allow credentials then your Access-Control-Allow-Origin must not use *. You will have to specify the exact protocol + domain + port. For reference see these questions : Access-Control-Allow-Origin wildcard subdomains, ports and protocols Cross Origin Resource Sharing with Credentials Besides * … Read more
I finally stumbled upon this link “A CORS POST request works from plain javascript, but why not with jQuery?” that notes that jQuery 1.5.1 adds the Access-Control-Request-Headers: x-requested-with header to all CORS requests. jQuery 1.5.2 does not do this. Also, according to the same question, setting a server response header of Access-Control-Allow-Headers: * does not … Read more
Chrome does not support localhost for CORS requests (a bug opened in 2010, marked WontFix in 2014). To get around this you can use a domain like localho.st (which points at 127.0.0.1 just like localhost) or start chrome with the –disable-web-security flag (assuming you’re just testing).
edit 2018-09-13: added some precisions about this pre-flight request and how to avoid it at the end of this reponse. OPTIONS requests are what we call pre-flight requests in Cross-origin resource sharing (CORS). They are necessary when you’re making requests across different origins in specific situations. This pre-flight request is made by some browsers as … Read more