'Access-Control-Allow-Origin' problem

[leuowang]

I have installed drupalgap 2 in my drupal site and developed an ionic/angular based app to connect the web site. But something strange happened when I call user_login() in my angular.module().run() as following:

               drupal.user_login('myaccount', 'mypassword').then(function (data) {
                    if (data.user.uid) {
                        alert('Hello ' + data.user.name + '!');
                    } else {
                        alert('login failed.');
                    }
                });

The error message shows it is a 'Access-Control-Allow-Origin' problem since I sent the request from localhost:

XMLHttpRequest cannot load http://dev-tiyogo.pantheon.io/?q=drupalgap/system/connect.json. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8100' is therefore not allowed access. The response had HTTP status code 405.

However, the error was caused by system/connect but not by user/login. So I checked the network timeline and found that:

both /?q=drupalgap/user/login.json and /?q=services/session/token calls executed successfully but failed when it try to connect system(/?q=drupalgap/system/connect.json).

Any suggestions to solve the problem? By the way, I am very sure that the web services of system and user resources are all checked.

[signalpoint]

@leuowang This is most likely because you're developing your app on localhost, and your Drupal site is located externally (i.e. Pantheon). You can either develop your app up on Pantheon within the same domain (e.g. dev-tiyogo.pantheon.io), or you can develop on localhost if you launch Chrome with security disabled: http://drupalgap.org/node/223

[kentr]

Another solution is to use the chrome Allow-Control-Allow-Origin: *.

A possible advantage of this route is that if you use some auto-opening command for Chrome (like ionic serve), you can easily disable the security in the browser instance that opens.