2

I have to consume an API through CORS in my Angular5 app, but this particular api isn't allowing the Content-Type header in the CORS configuration. My angular app is currently sending this header, and the preflight check is failing due to the fact that I'm sending a header that isn't explicitly allowed by the API's CORS configuration. Is there a way to remove this header for this particular request?

I was thinking along the lines of creating an interceptor but is that the most appropriate place to remove this header?

Improve this question

1 Answer 1

Reset to default
2

The solution here was to not use Angular's HttpClient and use the fetch api instead. I couldn't figure out a way to use HttpClient and remove the 'Content-Type' header, even when I wrote an interceptor and explicitly removed this header it was added back somewhere.

Here is what I ended up doing:

    return fetch( environment.splunk_config.url, {
        body: JSON.stringify(_message),
        method: 'POST',
        mode: 'cors',
        headers: { 'Authorization': auth }
      }
    )
    .then(response => response.json());
  }
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Thank you SO MUCH for this answer. I had the same problem using Splunk Http Event Collector and Angular 6. Use the fetch approach and it worked perfectly. Will file a bug / enhancement request with Splunk dev team
I'm not sure that this is an issue with Splunk (yes they probably should support the Content-Type header in CORS requests) but I think this is probably a bug with the angular httpclient, I'm not sure why httpclient doesn't allow people to remove the content-type request header.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.