Add authentication to OPTIONS request
According to the CORS specification when a preflight request is performed user credentials are excluded.
(...) using the method OPTIONS, and with the following additional constraints:
- (...)
- Exclude the author request headers.
- Exclude user credentials.
- (...)
(emphasis is mine)
With this in mind, the problem seems to be on the API side of things, which should be accepting OPTIONS
requests without requiring authentication.
It's possible to provide authentication for CORS preflight requests using the withCredentials
option:
@Injectable()export class AuthInterceptor implements HttpInterceptor { constructor() { } intercept(request: HttpRequest<any>, next: HttpHandler): Observable<HttpEvent<any>> { request = request.clone({ withCredentials: true }); return next.handle(request); }}
See also: