Why does a cross-domain angularjs $http.post request fail when a XMLHttpRequest succeeds?

Question

I am trying to exercise the Trello API with an application key and token from an angular (version 1.0.5) webapp. The server seems correctly configured to handle CORS. A test request with http://test-cors.org from enable cors works as expected.

When I do a post request in one of my angular controllers:

$http.post(url).success(function(data) {
  $scope.server_resp = data;
});

I get a Request header field Content-Type is not allowed by Access-Control-Allow-Headers error. (Even though, as you see below, the Access-Control-Allow-Origin is set to '*'). Why is this header added and can it be removed?

XMLHttpRequest

When I make the same request using raw XMLHttpRequest, it succeeds. Here are the headers for the XMLHttpRequest:

Request Method:POST
Status Code:200 OK

Accept:*/*
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Connection:keep-alive
Content-Length:0
Host:api.trello.com
Origin:http://192.168.0.125:9000
Referer:http://192.168.0.125:9000/
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.172 Safari/537.22

Response
Access-Control-Allow-Methods:GET, PUT, POST, DELETE
Access-Control-Allow-Origin:*
Cache-Control:max-age=0, must-revalidate, no-cache, no-store
Content-Length:563
Content-Type:application/json
Date:Mon, 18 Mar 2013 02:49:37 GMT
Expires:Thu, 01 Jan 1970 00:00:00
X-Powered-By:Express
X-Server-Time:1363574977568

Angular $http.post

Here are the headers for the angular initiated request. Note that the browser made a pre-flight OPTIONS request:

Request Method:OPTIONS
Status Code:200 OK

Accept:*/*
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Access-Control-Request-Headers:accept, origin, content-type
Access-Control-Request-Method:POST
Connection:keep-alive
Host:api.trello.com
Origin:http://192.168.0.125:9000
Referer:http://192.168.0.125:9000/
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.172 Safari/537.22

Response
Access-Control-Allow-Methods:GET, PUT, POST, DELETE
Access-Control-Allow-Origin:*
Content-Length:0
Content-Type:text/html; charset=utf-8
Date:Mon, 18 Mar 2013 02:51:00 GMT
X-Powered-By:Express

Is there a way to configure angular's request headers to allow the above $http.post() code to work?

Answer 1

The 'content-type' header is not accepted by the server and is added by default for Angular $http POST request (see $http doc). You can try to remove it from your $http config. Inject $httpProvider in your controller, then this might work:

delete $httpProvider.defaults.headers.post['Content-type']

You might have to try with 'content-type' also, I'm not sure of the case to use.

Answer 2

Add the headers param to the $http and you'll be fine.

          var config = {
            method: 'POST',
            url: 'your url',
            headers: {
              'Content-Type': undefined
           },
           data: {
              "channel": "#fun-and-game",
              "username": $scope.question.title,
              "text": $scope.question.text,
              "icon_emoji": ":ghost:"
          },
       };

      $http(config).success(function(data) {
         $scope.server_resp = data;
      }).error(function(response) {

      });

for more info, check angularjs $http docs