Brian Millot
Reputation: 199
Cors issue with response to preflight request
I'm doing an axios call to get the blog articles, however I'm facing a CORS issue. I tried everything and I don't understand the problem. Here's my code:
axios({
method: "POST",
url: process.env.REACT_APP_API_URL + '/pages/articles',
headers: { 'Content-Type': 'application/json;charset=UTF-8', "Access-Control-Allow-Origin": "*", "Accept": "application/json" },
data: {
country: localStorage.getItem("locale")
}
}).then(result => {
setPosts(result.data.json.articles);
});
In my /config/bootstrap.php
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization');
header("Access-Control-Allow-Credentials: true");
header('Content-Type: application/json');
$method = $_SERVER['REQUEST_METHOD'];
if ($method == "OPTIONS") {
header('Access-Control-Allow-Origin: *');
header("Access-Control-Allow-Headers: X-API-KEY, Origin, X-Requested-With, Content-Type, Accept, Access-Control-Request-Method,Access-Control-Request-Headers, Authorization");
header("HTTP/1.1 200 OK");
die();
}
The problem in the console is:
Access to XMLHttpRequest at 'https://api.mysite.fr/pages/articles' from
origin 'https://mysite.fr' has been blocked by CORS policy: Response to
preflight request doesn't pass access control check: It does not have
HTTP ok status.
Upvotes: 4
Views: 3768
Answers (1)
Md.Jewel Mia
Reputation: 3451
Please apply CORS validation on the server it needs to be server-side not front-end for the example: The request in JavaScript This shows you how to make a request in JavaScript that is allowed by this policy.
var http_request;
http_request = new XMLHTTPRequest();
http_request.onreadystatechange = function () { /* .. */ };
http_request.open("POST", "process.env.REACT_APP_API_URL + '/pages/articles'");
http_request.withCredentials = true;
http_request.setRequestHeader("Content-Type", "application/json");
http_request.send({ 'request': "authentication token" });
We're sending a POST request that contains JSON and we'll include our cookies. It produces a request with these headers:
Origin: https://mysite.fr
Access-Control-Request-Method: POST
Access-Control-Request-Headers: Content-Type
For PHP Project
// Allow from any origin
if (isset($_SERVER['HTTP_ORIGIN'])) {
// Decide if the origin in $_SERVER['HTTP_ORIGIN'] is one
// you want to allow, and if so:
header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
header('Access-Control-Allow-Credentials: true');
header('Access-Control-Max-Age: 86400'); // cache for 1 day
}
// Access-Control headers are received during OPTIONS requests
if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']))
// may also be using PUT, PATCH, HEAD etc
header("Access-Control-Allow-Methods: GET, POST, OPTIONS");
if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']))
header("Access-Control-Allow-Headers: {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");
exit(0);
}
Upvotes: 2
Related Questions
- How to overcome the CORS issue in ReactJS
- ReactJS: has been blocked by CORS policy: Response to preflight request doesn't pass access control check
- .. from origin .. has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status
- How to fix "Response to preflight request doesn't pass access control check: It does not have HTTP ok status" error in react app with nodejs api
- ‘content-type’ is not allowed according to header ‘Access-Control-Allow-Headers’ from CORS preflight response
- CORS issue React Axios
- How to fix CORS policy error when sending axios get request?
- CORS error: Request header field authentication is not allowed by Access-Control-Allow-Headers in preflight response
- CORS preflight request not handled by external API
- Using Axios from React to make http requests to express is failing after pre-flight with CORS errors. Enabled CORS on the server and still not working