I recently developed an AngularJS application that utilizes Google's server-side flow for authentication.
The issue arises when my AngularJS app is hosted on one server and the Rest API is hosted on another. After successfully logging in, I encounter a problem when my callback function tries to access the Rest API.
An error message is displayed:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://liveboard-dev.locastic.com/api/v1/login. This can be fixed by moving the resource to the same domain or enabling CORS.
It's worth noting that the server itself is not causing any problems as I am able to call this method from various parts of the code, except when trying to send the authorization response directly from Google after the pop-up window closes.
Below is a snippet of my AngularJS code used to call the API:
$http.post(applicationSettings.authenticationAPIUrl, authResult['code'], {headers: {'Content-Type': 'application/octet-stream; charset=utf-8'}}).success(function (response) {
identityService.setIdentity(response);
deferred.resolve(response);
}).error(function (error) {
deferred.reject(error);
});