So, I'm trying to intercept the http calls to add the Authorization header on each call if exist. This works well exept of the fact that no matter which http method I use (GET, POST, DELETE) it send the request with OPTIONS method instead. What am I doing wrong?
Server is nodejs with restify.
angular.module('mymodule').factory('RequestService', function () {
var token = null;
var service = {
setToken: function setToken(_token) {
token = _token;
},
getToken: function getToken() {
return token;
},
request: function request(config) {
if (token) {
config.headers['Authorization'] = 'Token' + token;
}
return config;
}
}
return service;
}).config(function($httpProvider) {
$httpProvider.interceptors.push('RequestService');
}
When you implement your own interceptor on Front-End side, you should remember about CORS:
app.use(function(req, res, next) {
res.header('Access-Control-Allow-Origin', req.headers.origin || "*");
res.header('Access-Control-Allow-Methods', 'GET,POST,PUT,HEAD,DELETE,OPTIONS');
res.header('Access-Control-Allow-Headers', 'content-Type,x-requested-with,authorization123456,accept');
next();
});
We should remember to set Acces-Controll-Allow on Methods as well as on Headers. In my case it's 'authorization123456' where I put my token which is added to every request from AngularJS.