Ramu Mothukuri Ramu Mothukuri - 1 month ago 9
PHP Question

I am getting error when i use headers.append('Authorization', 'Bearer ' +this.AuthToken);


When i am hiding authorization header it's working fine, but When i am
using Authorization header i am getting error.Below is my angular 2
code:


getinfo() {
return new Promise(resolve => {
var headers = new Headers();
this.loadUserCredentials();
console.log(this.AuthToken);
headers.append('Authorization', 'Bearer ' +this.AuthToken);
//headers.append('Content-Type', 'application/x-www-form-urlencoded');

this.http.get('http://ip/ramu/api/index.php?action=getUserInfo', {headers: headers}).subscribe(data => {
if(data.json().success)
resolve(data.json());
else
resolve(false);
});
})
}



Back end i am using php. i have used headers in php page given below


header("access-control-allow-origin: *"); header('content-type:
application/json; charset=utf-8');



Below error i am getting


XMLHttpRequest cannot load http://ip/ramu/api/index.php?action=getUserInfo. Request header field Authorization is not allowed by Access-Control-Allow-Headers in preflight response.



What i have to do in back end to allow authorization based on token or
i need to do add any angular code?

Answer Source

Most non-standard headers require whitelisting (just like the origin) in the CORS pre-flight response so on the backend:

header("Access-Control-Allow-Origin: *"); 
header("Access-Control-Allow-Headers: Authorization");