Support Topics Documentation Slack YouTube Blog

/users/login gives exception XMLHttpRequest cannot load Request header field Authorization

When using the REST API, via an AngularJS app, I am able to register a new user with no problem. However, when I use the LoginUser, I get a 200 back from backEndless API, but my console shows:
user.service.js - about to login user w Backendless - username = jcunningham77@gmail.com password = password
XMLHttpRequest cannot load https://api.backendless.com/v1/users/login. Request header field Authorization is not allowed by Access-Control-Allow-Headers in preflight response.
the error was = undefined
loginController = using new method to login user
user.service.js - about to login user w Backendless - username = jcunningham77@gmail.com password = password
XMLHttpRequest cannot load https://api.backendless.com/v1/users/login. Request header field Authorization is not allowed by Access-Control-Allow-Headers in preflight response.
the error was = undefined
loginController = using new method to login user
There are some stackoverflow topics on this issue, and I tried to get around the issue by setting request header for the loginRequest to ‘Content-Type’ : ‘application/x-www-form-urlencoded; charset=UTF-8’ instead of “application/json” but still get the same bad response.
When comparing the request/response headers for both the login endpoint and the register endpoint, they seem identical. Is there a difference in CORS support between these two endpoints?
I haven’t ruled out this being a Angular issue. I’m going to try to invoke these endpoints via jQuery to see if I get different results.
Thanks for any feedback anyone has

Hi Jeff,

It appears you’re adding the Authorization header (do you?):

$http.defaults.headers.common['Authorization'] = 'Basic ' + authdata;

Any particular reason you’re not using the Backendless SDK for JS?

With the SDK you could simply replace the following line:

return $http.post(‘[url=http://api.backendless.com/.../login']api.backendless.com/.../login'[/url], user).then(handleSuccess, handleError('Error user login'))

with:

Backendless.UserService.login(user).then( handleSuccess, handleError( 'Error user login' ))

If you’re going to do that, make sure to enable promises in the app initialization logic with the following call:

Backendless.enablePromises()

Thanks for following up, Mark. Yeah I wanted to practice using the REST API with Angular since I also have some other REST APIs I have to integrate with. The Backendless JS API works really well for me, I just tried it. And then I went back and figured out how to explicitly remove the authorization header from the default Angular HTTP request config.

Awesome job, and the Backendless platform is very well documented and easy to learn.