I am trying to make a CORS POST request using Restangular in the following manner :
//data is a json object
var urlToPost = '/api/deal/update/'+dealId;
return Restangular.all(urlToPost).customPOST(data, '', {}, {
"Content-Type": "application/json",
"Access-Control-Allow-Origin": "*",
"Access-Control-Allow-Methods": "POST, GET, PUT, DELETE, OPTIONS"
});
When I hit the call, the following error appears on the console :
XMLHttpRequest cannot load http://55.76.122.145:8080/hulk/api/deal/update/55cd93bd20ce9744aeebff3a. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:9001' is therefore not allowed access.
And in the Network tab, I can see a successful call with status 200 being fired with OPTION method.
How to go about it? What am I doing wrong ?
The error message spells this out for you:
No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:9001' is therefore not allowed access.
The server must respond to the OPTION request with a response including an Access-Control-Allow-Origin header that tells the browser that the website providing the JavaScript is allowed access.
Access-Control-Allow-Origin and Access-Control-Allow-Methods are not request headers. You can't write JavaScript that gives itself permission to read data from other people's websites. That would be silly.