Clearly not the ideal solution but it WORKS. I’ve added this to the top of my routes.php file: header(‘Access-Control-Allow-Origin: *’); header( ‘Access-Control-Allow-Headers: Authorization, Content-Type’ ); It would be nice to get this working without a hack… alas. UPDATE: It turned out to be IIS related. I ended up setting the headers in the web.config file … Read more
I had success with this custom filter: import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.http.HttpHeaders; import org.springframework.http.HttpMethod; import org.springframework.http.HttpStatus; import org.springframework.http.server.reactive.ServerHttpRequest; import org.springframework.http.server.reactive.ServerHttpResponse; import org.springframework.web.cors.reactive.CorsUtils; import org.springframework.web.server.ServerWebExchange; import org.springframework.web.server.WebFilter; import org.springframework.web.server.WebFilterChain; import reactor.core.publisher.Mono; @Configuration public class CorsConfiguration { private static final String ALLOWED_HEADERS = “x-requested-with, authorization, Content-Type, Authorization, credential, X-XSRF-TOKEN”; private static final String ALLOWED_METHODS = “GET, … Read more
I was able to do this by extending UsernamePasswordAuthenticationFilter… my code is in Groovy, hope that’s OK: public class CorsAwareAuthenticationFilter extends UsernamePasswordAuthenticationFilter { static final String ORIGIN = ‘Origin’ @Override public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response){ if (request.getHeader(ORIGIN)) { String origin = request.getHeader(ORIGIN) response.addHeader(‘Access-Control-Allow-Origin’, origin) response.addHeader(‘Access-Control-Allow-Methods’, ‘GET, POST, PUT, DELETE’) response.addHeader(‘Access-Control-Allow-Credentials’, ‘true’) response.addHeader(‘Access-Control-Allow-Headers’, request.getHeader(‘Access-Control-Request-Headers’)) } … Read more
TL;DR answer Explanation The OPTIONS request is so called pre-flight request, which is part of Cross-origin resource sharing (CORS). Browsers use it to check if a request is allowed from a particular domain as follows: The browser wants to send a request to a particular URL, let’s say a POST request with the application/json content … Read more
The custom Content-Type header you’re sending causes your request to be preflighted, which means an OPTIONS request, containing some metadata about the POST request that is about to be dispatched, will be sent before the actual POST request. Your server needs to be prepared to deal with this OPTIONS request. You haven’t specified what the … Read more
Two thoughts: 1) are you also including the “Access-Control-Allow-Credentials: true” header? This is needed for passing cookie credentials (and the corresponding XHR client must set .withCredentials = true) 2) Have you tried the suggestion from your link and only include the origin for the current request. For example, if a request comes in with the … Read more
There are 3 ways to allow cross domain origin (excluding jsonp): Set the header in the page directly using a templating language like PHP. Keep in mind there can be no HTML before your header or it will fail. Modify the server configuration file (apache.conf) and add this line. Note that “*” represents allow all. … Read more
I use gorilla/mux package to build Go RESTful API server, and client use JavaScript Request can work, My Go Server runs at localhost:9091, and the Server code: router := mux.NewRouter() //api route is /people, //Methods(“GET”, “OPTIONS”) means it support GET, OPTIONS router.HandleFunc(“/people”, GetPeopleAPI).Methods(“GET”, “OPTIONS”) log.Fatal(http.ListenAndServe(“:9091”, router)) I find giving OPTIONS here is important, otherwise error … Read more
You may need to change your Web API a bit. I met the same kind of problem and wrote a post about how to fix this issue. I used Sinatra for the API, I don’t know what language you are using for your webservices but I guess you can apply it. Basically, you need to … Read more
Check your windows task manager and make sure you kill all chrome processes before running the command.