I am trying to build an AngularJS frontend for a Drupal 7 website.
The problem is that, when I set
true, I get this error.
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://example.com. This can be fixed by moving the resource to the same domain or enabling CORS.
I have the following headers set on the backend:
- Access-Control-Allow-Origin: *
- Access-Control-Allow-Methods: GET, POST, DELETE, PUT
- Access-Control-Allow-Headers: X-Requested-With, Accept, Content-Type, Cookie, X-CSRF-Token
- Access-Control-Allow-Credentials: true
The login works fine with
false. When changed to true, I get the above error.
I wanna be able to set
true, in order to be able to use token authentication.
P.S. I use drupal 7 services module with session autehntication.
The problem was in CORS configuration on the server.
Access-Control-Allow-Origin can not be set to
Access-Control-Allow-Credentials is set to
Access-Control-Allow-Origin to specific hosts, and everything worked fine.
Hope it helps someone someday.