Custom headers in angular $http not working in android 4.4 (API 19) but working with android 4.3 (API 18) and 4.2 (API 17)

$http.get('https://[IP]/orders/', {
    headers: {
        'px-hash': hash
    params: query
}).then(function (orders) {
}, function (err) {
    // handle error

As i remove ‘px-hash’ custom header, every things starts to work on android 4.4
But almost all of my apis uses custom headers. so i can’t work without them.

Could find out the reason for this strange error. Has any one faced this issue?

You need to allow the custom header px-hash to be sent to the server by correctly setting the Access-Control-Allow-Headers in your response headers.

Since you’re using https:// XHR will make a preflight OPTIONS request before making the actual GET/POST request. After said preflight request the Access-Control-Allow-Headers response header will be evaluated in order to define which headers can be sent to the server with the actual GET/POST request. Headers not included in the Access-Control-Allow-Headers response header will not be added. Therefore your px-hash header will be omitted from the actual GET/POST request.

For example: Access-Control-Allow-Headers: Content-Type, Authorization, X-App-Version in the response header will allow the Content-Type, Authorization, and X-App-Version headers to be included in the request. All other request headers will be omitted.

Hi Bramus, do you have more specific information on what needs to be added?

I wrote the following


.factory(‘httpRequestInterceptor’, [’$rootScope’, function ($rootScope) {
return {
request: function ($config) {
$config.headers[‘x-auth-ticket’] = “test”;
return $config;

However when I do a request i get
Request header field x-auth-ticket is not allowed by Access-Control-Allow-Headers in preflight response.

and the Header istead of being there is added in Access-Control-Request-Headers:accept, x-auth-ticket instead of being a proper header.