2

I am trying to build an AngularJS frontend for a Drupal 7 website.

The problem is that, when I set useCredentails to true, I get this error.

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://example.com. This can be fixed by moving the resource to the same domain or enabling CORS.

I have the following headers set on the backend:

  • Access-Control-Allow-Origin: *
  • Access-Control-Allow-Methods: GET, POST, DELETE, PUT
  • Access-Control-Allow-Headers: X-Requested-With, Accept, Content-Type, Cookie, X-CSRF-Token
  • Access-Control-Allow-Credentials: true

The login works fine with useCredentails equals false. When changed to true, I get the above error.

I wanna be able to set useCredentails to true, in order to be able to use token authentication.

Any ideas?

P.S. I use drupal 7 services module with session autehntication.

Improve this question

1 Answer 1

Reset to default
0

The problem was in CORS configuration on the server.

Access-Control-Allow-Origin can not be set to * while Access-Control-Allow-Credentials is set to true.

I changed Access-Control-Allow-Origin to specific hosts, and everything worked fine.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.