Issues w/ CORS / HTTP-Status 401


Hi @ all,
I’m facing several issues w/ a basic implementation of a dreamfactory-login. I’ve tried to enable CORS w/in the admin-panel (Host: * / Allowed: POST + GET) and tried to manually enforce it from w/in my Virtual Apache Host.

XMLHttpRequest cannot load No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8383' is therefore not allowed access. The response had HTTP status code 401.


   <Directory /opt/dreamfactory/platform/web/>
	Options Indexes FollowSymLinks MultiViews
	AllowOverride All
	Order allow,deny
	Allow from all
	Header set Access-Control-Allow-Origin "*"

me@debian:/# apachectl -t
Syntax OK
me@debian:/# a2enmod headers
Module headers already enabled

Unfortunately, I’m still receiving the 401-code and don’t know why.

I’m trying to login like this (for testing purposes):

$scope.doLogin = function() {
            console.log('Doing login', $scope.loginData);

        var requestData = {
            email : '',
            password : 'test'
        $"", requestData, {
            headers: {'Content-Type': 'application/json', 'X-DreamFactory-Application-Name' : 'ID'}}
        }).success(function(responseData) {
        }).error(function(err) {

Help would be very much appreciated. Thanks!


I’m a massive idiot - the web-dir was password-protected via .htaccess. Since my browsers have been logged in and the debugging-console only showed me the error stated in the OP, I failed to connect the dots…

Hint: To check if CORS is allowed, try this:

$  curl -i
<title>401 Authorization Required</title>

After removing the .htaccess-Login:

$  curl -i
Date: Tue, 02 Sep 2014 13:52:19 GMT
Access-Control-Allow-Origin: *


Thanks, man!

Glad you figured it out, take care.

  • Mark