I have my server that return data, and I give this response on the code:
header('Access-Control-Allow-Origin: *');
echo 'the response';
now when I use the chrome dev tools to check the response I see that: "Access-Control-Allow-Origin" is set to "*" so that is good.
The response from the server:
Access-Control-Allow-Origin:*
Cache-Control:no-cache
Connection:keep-alive
Content-Type:application/json
Date:Thu, 16 Oct 2014 07:45:34 GMT
Server:nginx/1.1.19
Set-Cookie:laravel_session=eyJpdiI6IlhhdTlOSHJMYmlnWm44bE1TTnBYXC9uMUhZQ1wvN21UWFZzMWlHRm5lb3ZtND0iLCJ2YWx1ZSI6InZSZjJZNFpQaldNblJiT05iK08wK3VTQXJRQXBSZ0paOXdIdjJyOGNPZFlaOUZNNVwvOVYzalBnaGVSUkc2YWF2THBGcnQwVHhocUFHQyt6S296bmZKZz09IiwibWFjIjoiYjQxZjhlYjI4ZGJkMTk1NWZjZmYyNWI3MTg2YmU4NTM3Y2MwMDNiOTA3YmQxZmNkYjVhZmUwOTkyYzQ0ZGRiMiJ9; expires=Thu, 16-Oct-2014 09:45:34 GMT; Max-Age=7200; path=/; httponly
Transfer-Encoding:chunked
but when I try to access it with my angular project, I get this bug:
XMLHttpRequest cannot load http://MYSITE.co/api/posts/all. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8100' is therefore not allowed access. The response had HTTP status code 405.
any ideas why?
How do you try to access the resource? For an iframe as well as for usage of HTML-templates I had to call the $sceDelegateProvider.resourceUrlWhitelist() method.
angular.module('myApp', [ ])
.config(function($sceDelegateProvider) {
$sceDelegateProvider.resourceUrlWhitelist([
// Allow same origin resource loads.
'self',
// Allow loading from our assets domain. Notice the difference between * and **.
'http://MYSITE.co/**']);
});
From the angular documentation: "This allows one to get/set the whitelists and blacklists used to ensure that the URLs used for sourcing Angular templates are safe."
I used this package:
github.com/barryvdh/laravel-cors
and it worked perfectly