Ramu Mothukuri Ramu Mothukuri - 1 month ago 9
PHP Question

I am getting error when i use headers.append('Authorization', 'Bearer ' +this.AuthToken);

When i am hiding authorization header it's working fine, but When i am
using Authorization header i am getting error.Below is my angular 2

getinfo() {
return new Promise(resolve => {
var headers = new Headers();
headers.append('Authorization', 'Bearer ' +this.AuthToken);
//headers.append('Content-Type', 'application/x-www-form-urlencoded');

this.http.get('http://ip/ramu/api/index.php?action=getUserInfo', {headers: headers}).subscribe(data => {

Back end i am using php. i have used headers in php page given below

header("access-control-allow-origin: *"); header('content-type:
application/json; charset=utf-8');

Below error i am getting

XMLHttpRequest cannot load http://ip/ramu/api/index.php?action=getUserInfo. Request header field Authorization is not allowed by Access-Control-Allow-Headers in preflight response.

What i have to do in back end to allow authorization based on token or
i need to do add any angular code?

Answer Source

Most non-standard headers require whitelisting (just like the origin) in the CORS pre-flight response so on the backend:

header("Access-Control-Allow-Origin: *"); 
header("Access-Control-Allow-Headers: Authorization");