I would avoid setting the token in $http.defaults in the first place. You do not want to accidentally send that to a domain outside your control. CORS won’t always come to your rescue 🙂

Instead, you could create a service that talks to your API. That service has a generic request(method, path) function which calls $http(method: method, “” + path, headers: { ‘Authorization’: YOUR_TOKEN})

Then in the controller call myService.request(‘my/data’) when you need something from your own API and $http directly if you need something from outside your domain (or create another service for that).