7

As the title suggest, I need to pass an authorization token but when I check the network console, I'm getting a 403 because the accept and authorization isn't there. NOTE: I removed my authorization token for this example

$http({
        url: 'http://api.stubhub.com/search/catalog/events/v2?title="san"',
        dataType: 'json',
        method: 'GET',
        data: '',
        headers: {
            "Content-Type": 'application/json',
            "Authorization": 'Bearer {token}'
        }
    }).success(function(response){
        $scope.searchResponse = response;
    }).error(function(error){
        $scope.error = error;
    });

This seems like correct syntax? What's wrong here?

EDIT: added the XHR screenshot

enter image description here

EDIT: 2. Here's my network traffic, HAR via paste bin:

http://pastebin.com/fiFngZSy

Improve this question
6
  • This syntax is perfectly OK, Debug time, could you print screen the XHR section after request is made? on request tab please. make sure the token is there, and you can see the field. Commented Nov 8, 2014 at 19:14
  • I made this plunk using the same syntax , look in console log it's working. plnkr.co/edit/fWaAtpF48nHO5gGlgvN7?p=preview Commented Nov 8, 2014 at 19:15
  • Interestingly the authentication token isn't there... which is why I'm getting a 403. Commented Nov 8, 2014 at 19:48
  • would be great if you could provide more detail on the network traffic (using chrome you can save the network traffic in the network view by right clicking "Save as HAR with Content") Commented Nov 8, 2014 at 20:17
  • Did you find the anwser @Garuuk ? Commented Jun 13, 2015 at 3:42

1 Answer 1

Reset to default
1

setting custom headers on XHR requests triggers a preflight request.

I bet you're seeing an OPTIONS request without the Authorization header, and a corresponding response whose Access-Control-Allow-Headers header value is not listing Authorization, or the API doesn't even allow unauthorized OPTIONS requests.

I don't know the stubhub api, but does it return CORS-compliant responses?

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

It does. When I use restangular, I can actually get a 200. I thought restangular was the problem so I switched over to just $http. THis is my other thread with restangular stackoverflow.com/questions/26809680/…

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.