My problem is with a angularjs $http call on my app running at localhost:8080
var url "https://api.acme.com/RX/v1/user";
$http.get(url).success(function (data) {
alert('yay');
$scope.user = data;
});
The first request succeeds with the following response recorded by Chrome:
Status Code:302 Found
Access-Control-Allow-Credentials:true
Access-Control-Allow-Origin:http://localhost:8080
Location:https://login.acme.com/cas/login?service=https%3A%2F%2Fapi.acme.com%2FRX%2Fv1%2Fuser
This results in the browser making a second GET request to the redirect location:
https://login.acme.com/cas/login?service=https%3A%2F%2Fapi.acme.com%2FRX%2Fv1%2Fuser
This second request fails with the following error reported in Chrome:
XMLHttpRequest cannot load https://login.acme.com/cas/login?service=https%3A%2F%2Fapi.acme.com%2FRX%2Fv1%2Fuser. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access.
So I have a CORS request from an origin to a url that allows the request that is being redirected to another url that is also configured to allow the request. But the redirect request is failing. Should I expect this to work?
Note, both api.acme.com and login.acme.com are configured to allow all origins using
Access-Control-Allow-Origin: *
see step 6 of this section(7.1.7): http://www.w3.org/TR/cors/#redirect-steps
more discussion could be found here: https://code.google.com/p/chromium/issues/detail?id=154967
Unfortunately the convention of transmitting the string "null" makes it seem like it could be a bug; I thought so myself until I tracked this down :)
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With