In Ionic / Angular How to Set Header? When call API I got Error 405 (Method Not Allowed)

In Postman API Working perfectly , When I call the API in My Project I got Error 405 (Method Not Allowed)
Access to XMLHttpRequest at 'http://abc.com/api’ from origin ‘http://localhost:4200’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.
I Am Use below code for Set Header
var options = {
headers: new HttpHeaders({
‘Access-Control-Allow-Origin’ : ‘*’,
‘Content-Type’ : ‘application/json’,
authorization : ‘Basic bW9iaWxlYXBpdXNlcjpwYXNzd29yZDEh’,
}),
}

return this.http.get('http://localhost/basicapi/index.php', options);

There are a few things here:

  1. Postman works because it is not following the same cross-origin rules (SOP) that a browser follows. Postman is mean to be a development tool and thus ignores it. Your browser, on the other hand, enforces said rules which is why you receive the error.

  2. You will want the “Access-Control-Allow-Origin” header on your http://abc.com/api" side; i.e., in response to the client’s request. This will allow that connection to go through. However, allowing * is not always a wise idea.

  3. You are getting the 405 - Method Not Allowed because, again, the browser behaves in a special way. Here, it is sending a “preflight request”, which is of method type OPTIONS (not GET or POST). On your http://abc.com/api" side you will need to allow this OPTIONS method.

  4. If you don’t have access to update http://abc.com/api, then you will need to do what I’ve recently had to do which is create your own “middleman server” http://def.com and proxy all the traffic from your client-side through to http://def.com, and then forward from there to the target server http://abc.com/api to avoid CORS and the preflight check from the browser.

Hope that helps!

Here is a giant resource on CORS and preflight requests if you are interested in learning more: https://www.html5rocks.com/en/tutorials/cors/ .

p.s. - I would also never post your authorization token in an online forum–just in case you ever leak your production URL later.