These are chat archives for spring-guides/tut-spring-security-and-angular-js

24th
Jun 2016
LazarN
@LazarN
Jun 24 2016 18:17

@dsyer I understand. I will spend the weekend reading documentation and running samples. I posted a question on Stack Overflow: http://stackoverflow.com/questions/38018644/spring-security-angularjs-forbidden-403/38018704#38018704

I will really appreciate a small hint. Thank you!

LazarN
@LazarN
Jun 24 2016 20:38
I compared the headers of the working example and mine, and they are slightly different.
```
200 OK

response:

Cache-Control:no-cache, no-store, max-age=0, must-revalidate
Content-Length:0
Date:Fri, 24 Jun 2016 18:27:47 GMT
Expires:0
Pragma:no-cache
Server:Apache-Coyote/1.1
X-Content-Type-Options:nosniff
X-Frame-Options:DENY
X-XSS-Protection:1; mode=block

request

Accept:application/json, text/plain, */*
Accept-Encoding:gzip, deflate, sdch
Accept-Language:en-US,en;q=0.8
Connection:keep-alive
Cookie:JSESSIONID=3F09DCDA3F538B751DAA06BA964E849F; XSRF-TOKEN=68db8cd9-184f-4a79-9bb3-2edb296665d7
Host:localhost:8080
Referer:http://localhost:8080/
User-Agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36
X-Requested-With:XMLHttpRequest
X-XSRF-TOKEN:68db8cd9-184f-4a79-9bb3-2edb296665d7
```
This is from the example, 200 OK.
```
403 Unauthorized

response

Cache-Control:no-cache, no-store, max-age=0, must-revalidate
Content-Language:en
Content-Length:1036
Content-Type:text/html;charset=utf-8
Date:Fri, 24 Jun 2016 19:07:04 GMT
Expires:0
Pragma:no-cache
Server:Apache-Coyote/1.1
Set-Cookie:JSESSIONID=438F4A874478C8B1A97AED7E1C078264; Path=/basic-web-app/; HttpOnly
X-Content-Type-Options:nosniff
X-Frame-Options:DENY
X-XSS-Protection:1; mode=block

request:

Accept:application/json, text/plain, */*
Accept-Encoding:gzip, deflate, sdch
Accept-Language:en-US,en;q=0.8
authorization:Basic dXNlcjpwYXNzd29yZA==
Connection:keep-alive
Cookie:JSESSIONID=C060DB9415DCA8CD6AAEC2C6A441A7DD; XSRF-TOKEN=6f8835da-1b69-442d-ba2c-08fc6fda6aa5
Host:localhost:8087
Referer:http://localhost:8087/basic-web-app/app/index.html
User-Agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36
X-Requested-With:XMLHttpRequest
X-XSRF-TOKEN:6f8835da-1b69-442d-ba2c-08fc6fda6aa5
```
The second is mine, 403 Forbidden.
I have Set-Cookie; perhaps this is the problem.