backend: Sails app w/ Waterlock, Waterlock-local-auth frontend: An angular app
I'm running into a issue where postman works fine, gets JWT from /user/jwt all good and dandy but whenever I login through the browser and then attempt to hit /user/jwt it gives 403 forbidden. Any clues?
I have CORs enabled for all origins on all routes.
Any help would be appriciated!
To save some time for novices like me:
$http won't be passing the session data with the request, so Sails/express server doesn't know which 'session' the /user/jwt request is being made from and hence giving 403, as it should. I guess Postman handles this for you automagically.
Added this to my angular config:
config(['$httpProvider', function($httpProvider) {
$httpProvider.defaults.withCredentials = true;
}]).