CORS access to $http response headers broken in Firefox -- consider workaround for bugzilla 608735

[fredsa]

Mozilla has a long outstanding which causes xhr.getAllResponseHeaders() to be empty / missing so-called simple response headers for CORS requests. See https://bugzilla.mozilla.org/show_bug.cgi?id=608735 for details.

Until this bug is fixed, I was hoping Angular could add a workaround for Firefox users and use xhr.getResponseHeader() instead.

[abtris]

Some problem are solve in http://stackoverflow.com/questions/14188662/angularjs-and-apiary-io-cant-read-any-response-headers/

[willthemoor]

Lost an afternoon to this one. :( I looked into the angular source to see if I could patch a work around for the Firefox bug myself but came up empty.

Created a plunk to illustrate the issue. http://plnkr.co/edit/hiTtKI Try it in webkit and firefox to see where firefox is coming up short.

Unfortunately, it's kind of a show stopper for me. The API I'm targeting uses response headers to communicate pagination information (currentpage, totalpages....)

[willthemoor]

The PR doesn't pass custom headers through because it's looping on a fixed set of headers. If you need custom headers included (I did), you'll need to manually extend the array in the angular.js file.

simpleHeaders = ["Cache-Control", "Content-Language", "Content-Type",
"Expires", "Last-Modified", "Pragma",
"myAwesomeHeader", "other-header", "oatmeal"];

[IgorMinar]

This bug was just fixed in FF. See bugzilla. I still think that we should include the workaround since it will take some time for the fix to propagate into the install base.

[kkurni]

How about custom header with firefox ?

From the changes, I only can see simple header but not custom header.

Is there any other patch regarding this ?

Thanks

[willthemoor]

@kkurni You'll have to add them manually (that's what I did). Could probably do this via new config option but I'm not clear on the guidelines there.

[kkurni]

Where do you add them?

is that changing the code?

I would love to add them in the config.

Thanks

Sent from my iPhone

On 27/02/2013, at 5:59 AM, Will Moore notifications@github.com wrote:

@kkurni https://github.com/kkurni You'll have to add them manually
(that's what I did). Could probably do this via new config option but I'm
not clear on the guidelines there.

—
Reply to this email directly or view it on
GitHubhttps://github.com//issues/1468#issuecomment-14132682
.

[willthemoor]

@kkurni yep, it involves hacking on the source. This comment explains the how/where if you want to do it. #1468 (comment)

[tiw]

According to http://www.w3.org/TR/cors/ 6.2 Preflight Request
The user should have chance to get the headers other than "simple" headers.
Now just the simple headers are returned.

I think allowed headers should be set according to the response headers of Access-Control-Allow-Headers.
Not just using a hardcode Arrray like
simpleHeaders = ["Cache-Control", "Content-Language", "Content-Type",
"Expires", "Last-Modified", "Pragma"];

[kkurni]

android browser unable to retreive this custom header.

Sent from my iPhone

On 03/04/2013, at 7:29 PM, Ting Wang notifications@github.com wrote:

According to http://www.w3.org/TR/cors/ 6.2 Preflight Request
The user should habe change to get the heders other than "simple" header.
Now just the simple headers are returned.

I think allowed headers should be set according to the response headers of
Access-Control-Allow-Headers.

—
Reply to this email directly or view it on
GitHubhttps://github.com//issues/1468#issuecomment-15824456
.