Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

is it possible to intercept the response to an HTTP OPTIONS preflight in AngularJS?

Tags:

angularjs

cors

I'm trying to implement a simple interceptor that allows me to display a message along the lines of "cannot contact the server" in my Angular app. However as the API is on a different host I'm dealing with CORS pre-flight OPTIONS requests.

I've found that if the API is unavailable Chrome dev tools shows a 503 on the OPTIONS request but Angular's $http interceptor catches a 404 response to the subsequent GET request. I believe this is because the OPTIONS response did not contain the required CORS headers so the GET is actually never performed.

Is is possible to intercept the OPTIONS response? If all I see is a 404 I can't distinguish "server down" from "no such resource".

like image 969
Rob Fletcher Avatar asked Feb 04 '14 16:02

Rob Fletcher

1 Answers

You can't intercept this request by design - the browser is "checking up" on you, making sure YOU should be allowed to make the request.

We've used three solutions to work around this:

  • If the problem is that you're using a development environment like NodeJS, and your domain names aren't matching (that is, if you normally wouldn't need to deal with this in Production) you can use a proxy. The https://github.com/substack/bouncyBounceJS NodeJS Module is an easy to use option. Then your Web service request domain will match the domain your page is on, and the check won't be triggered. (You can also use tricks like this in Production, although it can be easily abused!)
  • Also for temporary use, you can use something like Fiddler or Charles to manipulate the request by faking the required headers, or tell your browser not to check them (--disable-web-security in Chrome).
  • If you have this problem in Production, you either need to legitimately fix it (adjust the Web service handler to add the required headers - there are only two), or find a way to make the request in a way that doesn't trigger the check. For instance, if you control both the source and target domains, you can put a script on the target that makes the requests to itself. Run this in an IFRAME, invisibly. Then you can use things like postMessage() to communicate back and forth. Large services like Facebook use "XHR bridges" like this for the same reason.
like image 62
Chad Robinson Avatar answered Sep 30 '22 05:09

Chad Robinson
Sign in to Comment

Related questions

Multiple independent partials in AngularJS
Alternative to using ng-init in 'view'?
Distinguish swipe and click in Angular
Active Record or Data Mapper pattern for Angularjs?
turn off re-sorting in angularJS while editing
How to run AngularJS end to end tests on Jenkins?
How to fadeout and remove elements created by ng-repeat
Issues with CORS. Flask <-> AngularJS
Making angular crawlable - Beginning of Project
angular resource overwrite url not working
AngularJS and adsense
AngularJS : Transclude a single input element into a directive template without using a container
angularJS: Wait for ng-if to finish, to make sure that the DOM is ready
Angular-ui ui-map click event not receiving $params
$parsers \ $formatters functions are not firing when the browser fills the form field automatically
Why is this function executed twice?
AngularJS dependency injection swap implementation
remove angular comments from html
angular.js $scope.$broadcast, $scope.$emit, $rootScope.$broadcast what to use?
angularjs memory consumption issue

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!