I try to set an Authorization header to a GET request to authenticate users to a rest API. I'm using Angular 2 RC1. (I'am a total beginner).

getTest(){
    let authToken = localStorage.getItem('auth_token');
    let headers = new Headers({ 'Content-Type': 'application/json' });
    headers.append('Authorization', `Bearer ${authToken}`);

    let options = new RequestOptions({ headers: headers });
    return this._http
      .get(this._url,options)
      .map(res => console.log(res));
  }

I allow CORS in my backend.

header("Access-Control-Allow-Origin: *");
header("Access-Control-Request-Headers: Content-Type, Authorization");

My console :

OPTIONS api/userProfile/

XMLHttpRequest cannot load /userProfile/. Response for preflight has invalid HTTP status code 406

My request headers

Any idea ?

I think that you need the Accept header rather because of the 406 status code...

let authToken = localStorage.getItem('auth_token');
let headers = new Headers({ 'Accept': 'application/json' });
headers.append('Authorization', `Bearer ${authToken}`);

let options = new RequestOptions({ headers: headers });
return this._http
  .get(this._url,options)
  .map(res => console.log(res));

This allows you to tell the server which content type you expect in the response...

The Content-Type header is rather to specify the type of the content you sent in the request. In your case, there is no content...

autorization =  { Authorization: 'Token adfasdfadf651f65asd1f65asdf' }

this.http.get(url, { headers: autorization})