POST https://.../api/login/login 401 (Unauthorized)
index.html:1 Failed to load https://.../api/login/login: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8000' is therefore not allowed access. The response had HTTP status code 401.
But my RemObjectsSDK-HttpApi-Server delivers a Access-Control-Allow-Origin: * and TWebHttpRequest works fine also.
Are you sure the access token returns via a header? Regardless, at this moment, the TWebHttpRequest returns only the HTTP request response data. We've added an extra event OnRequestResponse that will return the full request object so you will also be able to access the headers from this response object
2) It is not clear why you would get a 401 from TWebRESTClient and not TWebHttpRequest as both internally use the same TJSXMLHttpRequest Javascript object. Maybe you can check with a (free) tool like Fiddler for differences in the HTTP requests between TWebRESTClient and TWebHttpRequest and perhaps differences in response?
This is not Authorisation problem. It has to do with the CORS capabilities of the server. See this and this for more
The problem is, as the message says, that the request does not include 'Access-Control-Allow-Origin=*' header.
You can manually add it in the component but for some reason it doesn't go through. When I add it, Chrome does not recognise it although in the generated javascript the header is added.
Can someone at TMS check this please?
As a proof that there is something wrong with the pass of the headers, you can download this Chrome extension:
You can start the RemObjectsSDK server with _startServer.bat or compile the exe for your own.
Then try to login with TMS-Client. Debugger in Chrome shows me
POST http://localhost:8099/api/login/login 401 (Unauthorized)
ClientTMSWebCore.html:1
Failed to load http://localhost:8099/api/login/login: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8000' is therefore not allowed access. The response had HTTP status code 401.
so, this does mean that CORS is not enabled. Maybe there is something more you need to do with the remobjects server. I'm not an expert in the remobjects sdk. If the problem persists, perhaps you can contact remobjects.
This is indeed a good improvement and helps for working with endpoints that do not require the access token. We've applied this improvement and it will be included in the next update.