Closed BusbyActual closed 6 years ago
Please read the CORS docs you have linked again.
the only headers which are allowed to be manually set are those which the Fetch spec defines as being a “CORS-safelisted request-header”, which are:
Accept Accept-Language Content-Language Content-Type (but note the additional requirements below) Last-Event-ID DPR Save-Data Viewport-Width Width
Your request does not satisfy all the elements of a simple request as it has a request header of noAuth, which is not a CORS-safelisted request-header.
Apologies, I think I came to the same conclusion and forgot to close this.
Hey there,
This code is sending an options request and it shouldn't according to the CORS specification. The noAuth header is to override an auth intercepter service to remove auth header before sending the request. According to CORS docs, a simple request can contain 'Content-Type', and 'Accept' headers. My request satisfies all elements of a simple request to not do a preflight options request however through angularJS an options request is sent.
If I right click on the request and click 'replay xhr' it sends just fine. Is there somewhere in the lib where the request is being decorated to not be a simple request? Souce