CORS Strange behaviour

Question

I am using axios client with angular2 to make a RESTFull post to a specific endpoint.

I get this CORS error:

Failed to load http://localhost:57772/api/deepsee/v1/bi_cube_updated_namespace/Data/KPIExecute: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:4200' is therefore not allowed access.

When I check my preflight request in the chrome dev tools network tab everything seems to be in order. The network tab shows this:

Request URL:http://localhost:57772/api/deepsee/v1/bi_cube_updated_namespace/Data/KPIExecute
Request Method:OPTIONS
Status Code:200 OK
Remote Address:[::1]:57772
Referrer Policy:no-referrer-when-downgrade
Response Headers
view source
ACCESS-CONTROL-ALLOW-CREDENTIALS:true
ACCESS-CONTROL-ALLOW-HEADERS:authorization,content-type
ACCESS-CONTROL-ALLOW-METHODS:POST
ACCESS-CONTROL-ALLOW-ORIGIN:http://localhost:4200
ALLOW:POST,OPTIONS

The comes the actual post :

 Request URL:http://localhost:57772/api/deepsee/v1/bi_cube_updated_namespace/Data/KPIExecute
Request Method:POST
Status Code:200 OK
Remote Address:[::1]:57772
Referrer Policy:no-referrer-when-downgrade
Response Headers
view source
CACHE-CONTROL:no-cache
Connection:Keep-Alive
CONTENT-LENGTH:179
Content-Type:application/json; charset=utf-8
Date:Tue, 14 Nov 2017 12:53:46 GMT
EXPIRES:Thu, 29 Oct 1998 17:04:19 GMT
Keep-Alive:timeout=120
PRAGMA:no-cache
Server:Apache

Answer 1

It sounds like you're only including the response headers in the OPTIONS response, not the POST response. You need to include them in both responses.