Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Angular2 Http missed "Authentication" header in CORS preflight actual (second) request

See original GitHub issue

I’m submitting a … (check one with “x”)

[x] bug report => search github for a similar issue or PR before submitting
[ ] feature request
[ ] support request => Please do not submit support request here, instead see https://github.com/angular/angular/blob/master/CONTRIBUTING.md#question

Current behavior

Http missed the “Authentication” header in the actual (second) request of CORS preflight session. please see https://forum.ionicframework.com/t/cr3-http-missed-authorization-header-in-cors-preflight-actual-request/73630 Expected behavior

Http should insert the “Authorization” header in the actual POST message headers after the success of “OPTIONS” round in a CORS preflight scenario Minimal reproduction of the problem with instructions

set up a Restful service with CORS capacity; send a request with a “Authentication: Bear” token in the message; then try to extract the “Authentication” header from the received message at the server side What is the motivation / use case for changing the behavior?

Please tell us about your environment:

Ionic2 RC3 – emulated on Ubuntu 16.04 LTS Linux 4.4

Angular version: 2.1.1

Browser: [ Chromium 53.0.2785.143 Built on Ubuntu ]

Language: [TypeScript 2.0.3 ]
Node (for AoT issues): node --version = v4.6.2

Issue Analytics

State:
Created 7 years ago
Reactions:4
Comments:13 (5 by maintainers)

Top GitHub Comments

13reactions

BafScommented, Jan 26, 2017

After hours of search I found a solution. Add "Access-Control-Expose-Headers" : "Authorization" on the server side to expose the Authorization header.

0reactions

angular-automatic-lock-bot[bot]commented, Sep 13, 2019

This issue has been automatically locked due to inactivity. Please file a new issue if you are encountering a similar or related problem.

Read more about our automatic conversation locking policy.

_{This action has been performed automatically by a bot.}

Top Results From Across the Web

Angular2 JWT Authorization header missing in http response ...

In http request I'm sending username and password and expecting token in 'Authorization' header of response. Everything works fine when I use ...

RC3 Http missed Authorization Header in CORS preflight ...

I am trying to put an Authorization header in the request to remote server in order to authenticate an user by a JWT...

Communicating with backend services using HTTP - Angular

For example, a server might require an authorization token, or "Content-Type" header to explicitly declare the MIME type of the request body. Adding...

ASP.NET Core and CORS Gotchas - Rick Strahl's Web Log

Note that the actual headers sent may vary depending on what your request needs. GET operations might have different CORS headers than a...

CORS: OPTIONS preflight call preceding a $http.post request ...

You need to handle the OPTIONS preflight request on your server, and it needs to return the correct Access-Control-Allow-* headers for the incoming...