Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

CORS works in chrome but not firefox, angularjs

Tags:

javascript

angularjs

cors

google-chrome

firefox

I'm trying to use angularJS with a Jetty backend.

Preflight CORS requests are working fine in chrome but in firefox I get this CORS error: Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://remote.machine:8080/api/v1/provisioning/users/current-user. This can be fixed by moving the resource to the same domain or enabling CORS.

The Headers for the options request are as follows:

HTTP/1.1 200 OK
Date: Wed, 24 Sep 2014 16:06:12 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-Frame-Options: DENY
Access-Control-Allow-Methods: GET, PUT, POST, OPTIONS, DELETE
Access-Control-Max-Age: 3600
Access-Control-Allow-Headers: Access-Control-Allow-Headers: Origin, Authorization, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Credentials: true
Set-Cookie: JSESSIONID=eyv8cpnnfphy1b0121uzt293y;Path=/
Content-Length: 0
Server: Jetty(9.2.2.v20140723)

The angular request is set up as follows:

$http.get(AS_API_URL + '/provisioning/users/current-user', {
            headers: {
                'Authorization': 'Basic ' + base64EncodedAuth               
            }
        });

For some reason these headers work fine in Chrome but not in Firefox, does anyone have a clue as to why? Do I need to provide more info?

EDIT:

Musa was right about the Access-Control-Allow-Headers being malformed. I edited the Jetty Server so the header now reads:

Access-Control-Allow-Headers: Origin, Authorization, X-Requested-With, Content-Type, Accept

I give my thanks to you Musa, you just saved my day :)

like image 306
Nordfjord Avatar asked Sep 24 '14 16:09

Nordfjord

1 Answers

To expand upon Musa's answer in the comments, Firefox is blocking the request because the following header has the header twice instead of once:

Access-Control-Allow-Headers: Access-Control-Allow-Headers: Origin, Authorization, X-Requested-With, Content-Type, Accept

should be changed to

Access-Control-Allow-Headers: Origin, Authorization, X-Requested-With, Content-Type, Accept
like image 115
Josh Correia Avatar answered Oct 06 '22 13:10

Josh Correia
Sign in to Comment

Related questions

How does adblock block adsense ads?
DOM elements not ready in AngularJS Directive's link() function
Knockout : find out which observable triggerred computed
Tracking HTML5 Video Closed Captions Visibility State
Purpose of _.extend/_.assign?
Copy values from html <select multiple> to clipboard
Download file with R given a JavaScript Statement
Select2 adds a title attribute to form controls
Testing facebook javascript Login from localhost domain
Facebook custom stories with big Image - Open Graph with Javascript
Using sessions with Express.js v4 and Socket.io v1
Packery when drag then drop an item vertically in a sortable grid, vertical alignment breaks
JavaScript - multiple global objects in multiple HTML frames?
Why does this random() distribution look asymmetric?
I keep getting TypeError: undefined is not a function
Date object in meteor and autoform
How is RegEx handled differently in VBA and JavaScript?
IE 11 - console.log is displaying undefined for object properties
Jquery for tooltip on image map area shapes
Making Loopback API Ember.js compatible

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!