I am trying to build an AngularJS frontend for a Drupal 7 website.
The problem is that, when I set useCredentails to true, I get this error.
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://example.com. This can be fixed by moving the resource to the same domain or enabling CORS.
I have the following headers set on the backend:
- Access-Control-Allow-Origin: *
- Access-Control-Allow-Methods: GET, POST, DELETE, PUT
- Access-Control-Allow-Headers: X-Requested-With, Accept, Content-Type, Cookie, X-CSRF-Token
- Access-Control-Allow-Credentials: true
The login works fine with useCredentails equals false. When changed to true, I get the above error.
I wanna be able to set useCredentails to true, in order to be able to use token authentication.
Any ideas?
P.S. I use drupal 7 services module with session autehntication.
The problem was in CORS configuration on the server.
Access-Control-Allow-Origin can not be set to * while Access-Control-Allow-Credentials is set to true.
I changed Access-Control-Allow-Origin to specific hosts, and everything worked fine.