Cannot access 'WWW-authenticate' header within $http response in angular
The Access-Control-Expose-Headers
header can be set to include www-authenticate
. This header will allow clients, including Angular, to read those response headers on a CORS request.
If you're using ASP.NET Web API, then you set the exposedHeaders
either directly on the System.Web.Cors.CorsPolicy.ExposedHeaders
parameter or you can add an attribute to the controller method. The attribute method is described at Enabling Cross-Origin Requests in ASP.NET Web API 2.
Here are a couple examples using ASP.NET Web API.
Example: Setting the ExposedHeaders
parameter
var corsPolicy = new CorsPolicy();
corsPolicy.ExposedHeaders.Add("www-authenticate");
var corsOptions = new CorsOptions
{
PolicyProvider = new CorsPolicyProvider
{
PolicyResolver = context => Task.FromResult(corsPolicy)
}
};
app.UseCors(corsOptions);
Example: Using an attribute
[EnableCors(origins: "*", headers: "*", methods: "*", exposedHeaders: "www-authenticate")]
public class TestController : ApiController
{
// ...
}
If you're using a different framework for your API, then you'll need to research that framework to see how to set the Access-Control-Expose-Headers
header.