angularjs - CORS error with Facebook callback function -
i have following code:
app.js:
var passport = require('passport') , facebookstrategy = require('passport-facebook').strategy , ... passport.serializeuser(function(user, done) { console.log('serializing user') done(null, user); }) passport.deserializeuser(function(obj, done) { console.log('deserializeuser') done(null, obj) }) passport.use(new facebookstrategy({ clientid: fbapp.id, clientsecret: fbapp.secret, callbackurl: "http://www.mylocal.com:3000/auth/facebook/callback" }, function(accesstoken, refreshtoken, profile, done) { // asynchronous verification, effect... process.nexttick(function () { return done(null, profile) }) } )) app.get('/auth/facebook', passport.authenticate('facebook', { scope: ['email, user_likes, user_photos, publish_actions'] })) app.get('/auth/facebook/callback', passport.authenticate('facebook', { successredirect: '/loginsuccess', failureredirect : '/loginfail' })) app.get('loginsuccess', function(req, res) { console.log('login success') res.send(200, 'ok') }) app.get('/loginfail', function(req, res) { console.log('login error') res.send(401, 'error') }) the angular part:
factory('facebookfactory', ['$http', '$q', function($http, $q) { var = function() { var deferred = $q.defer(); $http({method: 'get', url: '/auth/facebook'}). success(function(data, status, headers, config) { deferred.resolve(data); }). error(function(data, status, headers, config) { deferred.reject(data); }); return deferred.promise; }; return { get: }; }]) i error , did several attempts no success.
xmlhttprequest cannot load https://www.facebook.com/dialog/oauth? response_type=code&redirect_uri=http%… user_likes%2c%20user_photos%2c%20publish_actions&client_id=xxxxxxxxxxx. no 'access-control-allow-origin' header present on requested resource. origin '[basic links]http://www.mylocal.com:3000' therefore not allowed access. anyone idea? did try solely in angular not work in safari in chrome , ff works perfectly.
www.mylocal.com:3000 = localhost:3000
you not find solution client side languages constitutes cross-origin request used malicious attack. facebook endpoint need have access-control-allow-origin header block set , don't think anytime soon. use apis alot , have have theses headers set in endpoint clients can connect localhost or dev urls:
if (isset($_server['http_origin'])): header("access-control-allow-origin: {$_server['http_origin']}"); header('access-control-allow-credentials: true'); header('access-control-max-age: 86400'); endif; if ($_server['request_method'] == 'options'): if (isset($_server['http_access_control_request_method'])): header('access-control-allow-methods: get, post, options, delete, put'); endif; if (isset($_server['http_access_control_request_headers'])): header("access-control-allow-headers: {$_server['http_access_control_request_headers']}"); endif; exit(0); endif; you try in $http broker:
var promise = $http({ method: 'post', url: 'url_to_api', data: params, headers: { 'access-control-allow-origin': true, 'content-type': 'application/json' } }).success(function (data, status, headers, config) { return data; });
Comments
Post a Comment