Hi,
I don’t know how you handle requests on your server but I’ll do it like the code below:
Server(*.php file)
function checkCORS() {
if (isset($_SERVER['HTTP_ORIGIN']) && isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {
header('Access-Control-Allow-Origin: '.$_SERVER['HTTP_ORIGIN']);
header('Access-Control-Allow-Credentials: true');
header('Access-Control-Max-Age: 86400'); // cache for 1 day
header('Access-Control-Allow-Methods: GET, POST, OPTIONS');
header('Access-Control-Allow-Headers: X-Requested-With, Content-Type, X-API-TOKEN');
if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') return true;
else {
if (isset($_SERVER['HTTP_X_API_TOKEN']) && $_SERVER['HTTP_X_API_TOKEN'] == 'WHATEVERYOUSENDFROMAPP') return true;
else return false;
}
} else return false;
}
And my .ts file sends this:
this.http.post(`${this.serverUrl}`, {uuid: this.device.uuid, model: this.device.model}, {headers: this.headers})
.subscribe(response => {
console.log(response);
});
private headers = new HttpHeaders({
'X-API-TOKEN': 'WHATEVERYOUSENDFROMAPP'
});
You don’t have to use the X-API-TOKEN neither on client nor on server.
Hope this helps you.
Cheers