Hello,
we have a widely used mobile app using Angular that performs an $http.post
to a server in a different domain.
Because of this, Angular is forcing an OPTIONS request before the POST, and
we've configured the server so that the OPTIONS returns the right headers (
Access-Control-Allow-Methods:
GET,PUT,POST,DELETE,OPTIONS,PATCH ,
Access-Control-Allow-Origin:
*).
The app works as expected over Wi-fi networks. But when using 3G networks,
all calls fail. After a lot of debugging, we've discovered that 3G
providers are stripping the headers - including the
access-control-allow-methods -, which makes all calls fail!
This results in thousands of clients complaining, and my hands are tied
since I'm not sure how to workaround this.
Is there a way to avoid the OPTIONS call before the POST ? Any suggestions
on how to workaround this?
Thanks,
João Saleiro
we have a widely used mobile app using Angular that performs an $http.post
to a server in a different domain.
Because of this, Angular is forcing an OPTIONS request before the POST, and
we've configured the server so that the OPTIONS returns the right headers (
Access-Control-Allow-Methods:
GET,PUT,POST,DELETE,OPTIONS,PATCH ,
Access-Control-Allow-Origin:
*).
The app works as expected over Wi-fi networks. But when using 3G networks,
all calls fail. After a lot of debugging, we've discovered that 3G
providers are stripping the headers - including the
access-control-allow-methods -, which makes all calls fail!
This results in thousands of clients complaining, and my hands are tied
since I'm not sure how to workaround this.
Is there a way to avoid the OPTIONS call before the POST ? Any suggestions
on how to workaround this?
Thanks,
João Saleiro