Server configuration issue when executing a GET method


#1

Good afternoon folks,

the reason of this thread is because I’m experiencing problems when I try to execute a HTTP GET call to the FlightXML REST service from my application.
I give you context, my application is being developed with Angular2 (my package.json with the Angular2 versions I use are at the end of this meesage) as a front-end framework with Node.js v7.9.0 as a back-end.

My problems come when using Angular2 HTTP service v2.3.1 I call a GET method to your URL 'http://flightxml.flightaware.com/json/FlightXML2/FlightInfoEx
establishing an ‘Authorization’ header with the value of my user and password as seen in next image:

https://ibb.co/nh4T7v

The result of the call can be seen on the next image:

https://ibb.co/nxj6ua

I’ve been looking for a solution for two days thinking that I have made some mistake, but following indications from stackOverflow and Angular2 documentation
I’ve learned that the error received in the response of my GET call is because the server-side doesn’t have enabled the cross-origin resource sharing (CORS) .
(stackoverflow.com/questions/299 … ns-request #See the first answer). This error happens because Angular2 HTTP service follows
the CORS specification sending a preflight request with an OPTIONS method before sending the expected GET method.

Moreover, I’ve tried the same GET call with POSTMAN plugin to ensure that I formed properly the URL and the Authorization header, with success. So, I ask you if
you could tell me that your FlightXML server configuration follows CORS specification, and if the server doesn’t follow it I beg you to add this feature, not only for me but all other potential customers of yours that may develope with Angular2.

For your information, you can follow CORS specification easily with next link: enable-cors.org/server.html

If none of this is possible, can you tell me please where I can see how to configure my Node.js backend to make the calls using restler?

Thanks in advance.


#2

We’re not currently implementing CORS in the FlightXML servers. It may be something we add at a later point, or change how you authenticate and allow you to restrict your key by ip or referer.

Either way you probably don’t want to include your call (with username and apiKey) directly from the UI as it exposes your credentials. I would suggest you make the call in your node.js backend. There is a small example of how to configure that node.js on the examples page. Look under the Rest examples in the Javascript section. flightaware.com/commercial/flig … t#examples


#3

Thank you conej730 for your help.

Finally, I managed to get a solution that is working nice. Basically, I’m putting express in the middle of my Angular2 application and my Node.js
server. This middleware avoids the CORS calls that Angular2 does automatically.

For further information, I used next links:

javascriptrocks.wordpress.com/2 … 5-minutes/

expressjs.com/en/starter/installing.html

Thanks again.