Angular.js: $http: unusable params passed to error handler when CORS preflight fails

Created on 25 Jul 2013 · 15Comments · Source: angular/angular.js

Suppose an http POST to a different origin. This implies CORS, including a CORS preflight exchange. Now suppose the OPTIONS request returns a 500 error due to a server problem. In this case the error handler gives "" for data and 0 for status.

Seems wrong.

$http.post(myUrl, loginPayload, loginHttpConfig)
  .success(function (response) {
     ....
  })
  .error(function(data, status, headers, config) {
    // In the event of a 500 response from the implicit OPTIONS
    // request for CORS preflight, data ="", and status=0. This 
    // seems wrong.  
  });

Source

DinoChiesa

Most helpful comment

I found the issue for a while now but I forgot post here a reply. EVERY response, even Error 500, must have the CORS headers attached. If the server doesn't attach the CORS headers to the Error 500 response then the XHR Object won't parse it, thus the XHR Object won't have any response body, status, or any other response data inside.

lucipacurar on 19 Aug 2013

👍11

All 15 comments

This is more of a browser problem. I'm having more or less the same issue. You can take a look at the XHR Object in the AngularJS code to check if actually returns a status and data. In my case the XHR Object returns status 0 which I'm assuming is happening in your case too.

lucipacurar on 25 Jul 2013

Duplicate of https://github.com/angular/angular.js/issues/2798

pkozlowski-opensource on 25 Jul 2013

Fwiw, I'm experiencing the status 0 problem with $http failures that are not JSONP (just a normal POST sending/receiving JSON) and the OPTIONS preflight actually succeeds. Content length of the error response is correctly set and the payload is valid JSON. The dev tools UI reports the server response as being missing ("This request has no response data available.")

Direct calls to the API end point using Postman with the same payload returns the expected error code and a correctly size payload.

CORS is involved here somewhere, but it's not limited to the OPTIONS preflight failing.

kapusta on 19 Aug 2013

lucipacurar on 19 Aug 2013

👍11

@lucassp Thanks for the follow up, I went back and tested my APIs and the replies with 400s and 500s don't include CORS headers.

kapusta on 20 Aug 2013

Thank you @lucassp for your explanation above. It just saved my tail today and many hours of frustration.

NathanWalker on 14 May 2014

@NathanWalker I'm glad it helped :)

lucipacurar on 14 May 2014

+1 This answer helped me out as well. Thank you.

aaronleesmith on 30 Jan 2015

Thanks @lucassp.

relferreira on 24 Feb 2015

Thanks a lot @lucassp It was driving me crazy !

logusgraphics on 18 Sep 2015

Thanks @lucassp, this made me searching at the right place.

Although the server was alreay sending all CORS headers, it turned out that the $http request didn't reach the server at all.
The reason was the use of a self signed certificate which made $http directly call the error handler without performing the request itself.
For me it was the combination of using $http in a PhoneGap application on iOS with a self-signed, invalid certificate.

Maybe interesting:
http://stackoverflow.com/questions/4565772/ajax-calls-to-untrusted-self-signed-https-fail-silently

philonor on 23 Sep 2015

@philonor I'm glad it helped. I will start working on a PhoneGap app next week, so your issue will help me too :+1:

lucipacurar on 24 Sep 2015

Thanks @lucassp for the head up.

keepscoding on 18 Dec 2015

Hey guys.

I've run into this issue myself, @lucassp to your point before, are you saying that ALL cross origin responses in addition to preflight responses should include the CORS headers?

Is this part of the CORS specification? I'm browsing through it trying to find some explanation.

Just want to be sure as I'll need to raise a feature request with someone to solve my problem :(