http call in IE not working

[Jake K.]

Hello,

I have a bunch of restful methods which I use in my angularjs app.

They work fine in most browsers, except for IE.

I get the following warning when I try to start a session, which requires a call to a restful method ( I use $http )

XMLHttpRequest for https://path-to-api/myApi required CORS preflight

I am not exactly where the error is coming from, so I am not sure how to put a specific question.

So, how do I solve this issue?

Thanks

PS: I also get other similar errors in IE, e.g. XMLHttpRequest for https://path-to-api/myApi required Cross Origin Resource Sharing (CORS).

It seems like the error has to do with CORS, but I am not sure.

[James Brewer]

This looks promising: http://samuellam.wordpress.com/2013/08/03/ie-89-cors-support-in-angular-js/

--
You received this message because you are subscribed to the Google Groups "AngularJS" group.
To unsubscribe from this group and stop receiving emails from it, send an email to angular+u...@googlegroups.com.
To post to this group, send email to ang...@googlegroups.com.
Visit this group at http://groups.google.com/group/angular.
For more options, visit https://groups.google.com/groups/opt_out.

[Jake K.]

Hello

I am still trying to call an API using angular's $http, but so far I've been unsuccessful ( in IE, it works fine in Chrome and FF )

This is my code

            $http({

              url: 'path-to-my-api/myapi',

              method: 'GET',

              withCredentials: true,

              dataType: 'json',

              headers: {

                'Access-Control-Allow-Origin': '*',

                'Access-Control-Allow-Credentials':true,

                //'Access-Control-Allow-Headers':'X-Requested-With',

                'Access-Control-Allow-Methods': ['GET', 'OPTIONS']

              }

            }).then( function( result ){

              console.log( 'success');

            }, function( error ){

              console.log( error );

            });

On top of the headers, I got the following inside config

myApp.config(['$httpProvider', function($httpProvider) {

    $httpProvider.defaults.useXDomain = true;

    delete $httpProvider.defaults.headers.common['X-Requested-With'];

  }

]);

So, why is that IE still shows me an error ( a 403 Forbidden to be more precise ).

What is the official angular way to make api calls in IE?

PS: I've tested my code in several IE versions, including the latest 11, 10 and 9, but it still doesnt work

The errors ( or warnings ) that I get are the following:

XMLHttpRequest for https://path-to-api/myapi required Cross Origin Resource Sharing (CORS).

SEC7119: XMLHttpRequest for https://path-to-api/myapi required CORS preflight.

Thanks

2014/1/22 James Brewer <ja...@brwr.org>

--
You received this message because you are subscribed to a topic in the Google Groups "AngularJS" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/angular/MC_G6gSqH9c/unsubscribe.
To unsubscribe from this group and all its topics, send an email to angular+u...@googlegroups.com.

To post to this group, send email to ang...@googlegroups.com.
Visit this group at http://groups.google.com/group/angular.
For more options, visit https://groups.google.com/groups/opt_out.

--
JAKE KWON +1 (604) 655 3109
email: jyk...@gmail.com

[Jeff Hubbard]

That error generally means that your server is not responding to the CORS request correctly. You should triple-check the output of your server (specifically, the Access-Control-Allow-Origin and Access-Control-Allow-Headers headers) to make sure they're correct.

[Jake K.]

Hello, Jeff

Hope you are the one who replied my last email, right? ( about IE and $http ).

What do you exactly mean by 'specifically, the Access-Control-Allow-Origin and Access-Control-Allow-Headers headers) to make sure they're correct. '. 

Does that mean that my $http headers should be the same as the ones I get from the 'Response Headers'?

In Chrome I get the following Response Headers:

Access-Control-Allow-Credentials:

true

Access-Control-Allow-Origin:

http://localhost:9000

Access-Control-Max-Age:

31536000

Connection:

close

Date:

Fri, 24 Jan 2014 02:07:22 GMT

Etag:

"-953030665"

X-Powered-By:

Express

I don't get any Access-Control-Allow-Headers back from the server though.

Thanks again

Any help would be great, since I've been stuck with this for quite a while, also I couldnt find any 'official' method to deal with $http requests

in IE.

2014/1/23 Jeff Hubbard <lord...@gmail.com>

--

You received this message because you are subscribed to a topic in the Google Groups "AngularJS" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/angular/MC_G6gSqH9c/unsubscribe.
To unsubscribe from this group and all its topics, send an email to angular+u...@googlegroups.com.
To post to this group, send email to ang...@googlegroups.com.
Visit this group at http://groups.google.com/group/angular.
For more options, visit https://groups.google.com/groups/opt_out.

[Sander Elias]

Hi Jake,

Ok, this seems to be really an IE problem, see: http://caniuse.com/#feat=cors
I have been looking into the $http source, and have some mixed news for you.
In Angularjs there is no cors support for IE8 and IE9(yet). This might be an easy fix, as in swapping window.XMLHttpRequest with window.XDomainRequest, but this need to be done inside the angular source.

IE10+ should work, but seems to be extra-picky about the headers. For details have a look at: http://blogs.msdn.com/b/ie/archive/2012/02/09/cors-for-xhr-in-ie10.aspx

Regards

Sander

[Jeff Hubbard]

It looks like you are getting A-C-A-O back from the server. Are you having difficulties with IE8/9 specifically? (I assumed since you were talking about CORS, you were talking about IE10) Those IE versions only support CORS through the use of the XDomainRequest object instead of the standard XMLHttpRequest. There are several workarounds for this, but all of them come with quite significant downsides. See: http://blogs.msdn.com/b/ieinternals/archive/2010/05/13/xdomainrequest-restrictions-limitations-and-workarounds.aspx