10

Okay, I've looked all over for this. Basically we're using $http request that ARE cross domain requests. Our server allows the domain and when a request returns 200, everything is OK. However, anytime our server returns an error, 500, 401, whatever, Angular thinks it's a CORS issue.

I debugged the response with Fiddler to verify my server IS returning a 500, yet Angular chokes on it.

Here's the request:

       var params = {
            url: "fakehost/example",
            method: 'GET',
            headers: {
                "Authorization": "Basic encodedAuthExample"
            }
        };

       $http(params).then(
            function (response) { // success 

            },
            function (error) { // error 
                 // error.status is always 0, never includes data error msg
            });

Then in the console, I will see this:

XMLHttpRequest cannot load fakehost/example. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'mylocalhost:5750' is therefore not allowed access.

Yet, in fiddler, the true response is:

HTTP/1.1 500 Internal Server Error
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Tue, 26 Aug 2014 12:18:17 GMT
Content-Length: 5683

{"errorId":null,"errorMessage":"Index was outside the bounds of the array.","errorDescription":"Stack trace here"}

I'm on AngularJS v1.2.16

Improve this question
3
  • Just to confirm, the error.data property is undefined? Commented Aug 26, 2014 at 12:58
  • 1
    not undefined, but the entire response in the responseError interceptor is: Object {data: "", status: 0, headers: function, config: Object, statusText: ""} Commented Aug 26, 2014 at 13:00
  • Also, if I purposely send a failed authorization, the status code and data returns properly, so it has to be some combo of the 500 error and CORS request: {data: Object, status: 401, headers: function, config: Object, statusText: "Unauthorized"} Commented Aug 26, 2014 at 13:04

1 Answer 1

Reset to default
7

I think I found an answer, looks like you will have to inject in your asp.net pipeline the correct CORS headers, as mentioned here.

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

Ah you're the man/woman. This is jogging my memory now, I think we implemented this at once and it was lost. Thank you, very much.
I also ended up here when using OAuth. I thought I've nothing to do with CORS but when the user logged out and my page with JS was still served from the browser cache, it was the first XHR that received the 302. I planned to handle it, but it turned out that Angular followed it to login page of the OAuth provider, this became a cross-site request (rightly disallowed) and surprised me with status = 0 in the error handler.
@acg i have no control of server code to change the response headers.is there any way to make angular aware of the real status code in this case
i have posted a new question in this regard stackoverflow.com/questions/31312703/…

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.