AngularJS disabling CORS?

Question

Maybe I\'m missing something entirely, but I have a server running locally, and have not configured Angular to use CORS for $http requests. When I make an HTTP requ

Answer 1

CORS is a result of your request url, not of any configuration you can set. If your origin does not match the request url protocol/domain/port, you will get a CORS request--no exceptions.

For instance, with an origin of http://www.example.com:8080 :

This is a CORS request: http://example.com:8080/path.json (different subdomain)

This is a CORS request: http://www.example.com/path.json (different port)

This is a CORS request: https://www.example.com:8080/path.json (different protocol)

This is NOT a CORS request: http://www.example.com:8080/path.json (the protocol, domain, and port all match the origin)

That being said, the OPTIONS request is happening because you have a header outside of the standard headers (very likely, your request has an X-Requested-With header). In Angular.js, you can remove this with:

angular.module('yourModuleHere')
    .config(function ($httpProvider) {
        delete $httpProvider.defaults.headers.common['X-Requested-With'];
    });

Note that for Angular.js 1.2 and above, X-Requested-With is not in the default common headers list. You don't need to remove it from the list.