Basic authentication with Angular

Issue #83 new
Philip Tsang created an issue

Hey so I'm somewhat new to this but I think I've narrowed my problem done to either:

  1. Something wrong with my server configurations (unlikely I think?)
  2. Atarashii doesn't support CORS

I've been trying to authenticate with Angular and I send the basic authentication headers, however I keep getting a: "No 'Access-Control-Allow-Origin' header is present on the requested resource."

BUT when I change the method to JSONP, it works fine. However, the response data obviously isn't JSONP, so it immediately fails with a "Unexpected token error". Here are my headers:

    .config(['$httpProvider', function($httpProvider) {
        $httpProvider.defaults.useXDomain = true;
        $httpProvider.defaults.withCredentials = true;
        delete $httpProvider.defaults.headers.common["X-Requested-With"];
        $httpProvider.defaults.headers.common["Accept"] = "application/json";
        $httpProvider.defaults.headers.common["Content-Type"] = "application/json";
    }]);
        var authenticationHeaders = {
            'Authorization': 'Basic ' + authenticationCombination,
            'Access-Control-Allow-Origin': '*',
            'Content-Type': 'application/json',
            'Access-Control-Allow-Credentials': true,
            "Access-Control-Allow-Headers": "X-Requested-With"
        };
        //Attempt to authenticate via MAL
        var promiseAuthenticate = $http({
            method: "GET",
            url: MALAuthentication,
            headers: authenticationHeaders
        }).then(function(successLogin) {
            //The user sucessfully authenticated
            console.log(successLogin);

        }, function(errorLogin) {
            //Notify
            vm.loginError = 'Unable to login with the username and passwod given';
        });

Comments (6)

  1. Michael Johnson

    The API does not currently support CORS. It was intended to be used by back-end code or directly by client applications. It was never intended to be processed inside client-side JS. We may add support for the header in the future, but it's not a priority for us. Feel free to submit a patch if you want it sooner. The API side for our Android application will likely not allow other domains, anyway.

    If you want to access API data on your own site, then run an instance on your own server and domain.

  2. Former user Account Deleted

    I had the same problem with vuejs, but I manage to bypass it using the webpack proxy. It seems that Angular also integrate a proxy, maybe you should take a look Here a example

  3. Log in to comment