I wrote this in AngularJS service block and I can't get it to work properly:

app.factory('sfAttachment', ['$http', '$q', '$window', function($http, $q, $window){

var attachment = {};


//Save to server function for attachments
attachment.save = function( base64value, mimeType, currentDocTypeId, currentFilename, attachmentId ){

    var data = {
            "Body" : base64value,
            "ContentType": mimeType,
            "ParentId": currentDocTypeId,
            "Name": currentFilename
        };

    var url = $window.__url;
    var method;

    var isUpdate = ($.trim(attachmentId) !== '');
    if (isUpdate) {
        url = url + attachmentId;
        method = 'PATCH';
    } else {
        // Method for creation
        method = 'POST';
    };

    var request = {

        url: url,
        method: method,
        data: data

    };

    var deferred = $q.defer();

    $http(request).then(function(response){
        deferred.resolve(response);
        console.log('file SAVED');
        console.log(response);
    }, function(event){
        deferred.reject('The attachment could not be saved:' + event);
    });


    return deferred.promise;
}


return attachment;}]);
app.run(['$http','$window',function ($http, $window) {

 var sessionId = $window.__sfdcSessionId;

 $http.defaults.useXDomain = true;
 delete $http.defaults.headers.common["X-Requested-With"];
 $http.defaults.headers.common["Access-Control-Allow-Origin"] = "*";
 $http.defaults.headers.common["Accept"] = "application/json";
 $http.defaults.headers.common["content-type"] = "application/json";
 $http.defaults.headers.common['Authorization'] = "OAuth " + sessionId ;
 $http.defaults.headers.common['X-User-Agent'] = "MyClient" ;
}]) ; 

I keep getting these errors:

Failed to load resource: the server responded with a status of 400 (Bad Request)

As well as this:

MLHttpRequest cannot load https://youri.cs22.my.salesforce.com/services/data/v26.0/sobjects/Attachment/. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://youri--c.cs22.visual.force.com' is therefore not allowed access. The response had HTTP status code 400.

I added https://youri--c.cs22.visual.force.comto the remote Site settings in Salesforce but that still seem to be causing issues...

Any suggestions?

EDIT: I figured out the first part of my issue I needed to white list https://youri--c.cs22.visual.force.comin Remote Settings> CORS and not remote sites but I still get the Bad request error...

See the Edit:

EDIT: I figured out the first part of my issue I needed to white list https://youri--c.cs22.visual.force.comin Remote Settings> CORS and not remote sites but I still get the Bad request error...