$http.get('https://[IP]/orders/', {
headers: {
'px-hash': hash
},
params: query
}).then(function (orders) {
console.log(orders.data);
defer.resolve(orders.data);
}, function (err) {
defer.reject(err);
// handle error
});
As i remove ‘px-hash’ custom header, every things starts to work on android 4.4
But almost all of my apis uses custom headers. so i can’t work without them.
Could find out the reason for this strange error. Has any one faced this issue?
You need to allow the custom header px-hash to be sent to the server by correctly setting the Access-Control-Allow-Headers in your response headers.
Since you’re using https:// XHR will make a preflight OPTIONS request before making the actual GET/POST request. After said preflight request the Access-Control-Allow-Headers response header will be evaluated in order to define which headers can be sent to the server with the actual GET/POST request. Headers not included in the Access-Control-Allow-Headers response header will not be added. Therefore your px-hash header will be omitted from the actual GET/POST request.
For example: Access-Control-Allow-Headers: Content-Type, Authorization, X-App-Version in the response header will allow the Content-Type, Authorization, and X-App-Version headers to be included in the request. All other request headers will be omitted.
Hi Bramus, do you have more specific information on what needs to be added?
I wrote the following
$httpProvider.interceptors.push('httpRequestInterceptor');
.factory(‘httpRequestInterceptor’, [’$rootScope’, function ($rootScope) {
return {
request: function ($config) {
$config.headers[‘x-auth-ticket’] = “test”;
return $config;
}
};
}])
However when I do a request i get
Request header field x-auth-ticket is not allowed by Access-Control-Allow-Headers in preflight response.
and the Header istead of being there is added in Access-Control-Request-Headers:accept, x-auth-ticket instead of being a proper header.