I am using angularjs2 http service to send http request. In the login API, I send a post request with user credential, the backend server generates a session_id in the response and save it on cookie. That session_id doesn't show in the http response object in Angularjs. But I can see this value from chrome debug network panel. There is a Cookies tab under network. From there I can see the session_id and its value.
After login successfully, I use below code to send the next http request:
let options = new RequestOptions({headers: this.headers, withCredentials: true });
return this.http.get(url, options)
But I got below error response:
XMLHttpRequest cannot load https://backendjump.net/user/. Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Credentials' header in the response is '' which must be 'true' when the request's credentials mode is 'include'. Origin 'http://localhost:4200' is therefore not allowed access. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
when I debug the request on chrome I found the request header is like below:
Request URL:https://testapi.net/user/
Request Method:OPTIONS
Status Code:204 No Content
Remote Address:52.43.21.19:443
Referrer Policy:no-referrer-when-downgrade
it doesn't include the cookies session_id mentioned above. Another interesting thing is that the Request Method becomes OPTIONS not GET.
I don't know how to solve this issue. Is it a backend or front-end issue?