Http request to remote server from client


#1

I have a rest api( developed in meteor) hosted at test.mysite.com,

for request authentication we’re using custom header called z-key which we use to authenticate the request.

when I try to post data to it from my cordova app(client) I’m getting following error

XMLHttpRequest cannot load https://test.mysite.com/api/v1/login/. Request header field z-key is not allowed by Access-Control-Allow-Headers in preflight response.

my request is simple, added http package and

         var data = {
      email: loginSelector.email,
      password: password
    }
   apiURL = "https://test.mysite.com/api/v1/login/";
   apiHeaders = { "z-key": "RHTHvsbpQXkupz35A"}

    HTTP.post(apiURL, {
      data: data,
      headers: apiHeaders
    }, function(e,r){
      console.log(e, r);
    });

when I try to post data to same route from server side or postman chrome app everything is working fine?

Any help is appreciated.


#2

you should be allowed to send back z-key header. I guess you should implement options method and return Access headers like:

Access-Control-Allow-Origin: * // if you need
Access-Control-Allow-Methods: POST, GET, OPTIONS // for example
Access-Control-Allow-Headers: Z-KEY, X-RAY, B-SIDE // any you wish