Error- Preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource
Your server needs to specify the correct CORS headers in its response.
See https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers
Only browsers enforce CORS, thats why it works in POSTMAN, not sure why it is working in IE
If only I had a pound for every time someone asked this question.
Comments
-
keystrokker almost 2 years
I am trying to call a secured rest API from the angular app. This rest API is running on WAS, and it is validating a JWT token. While running the application in google chrome, it is giving the below error:
Response to the preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:4200' is therefore not allowed access.
The same call is working fine in IE and postman. Could you pls help me here?
-
Aluan Haddad over 5 yearsIt's because of Chrome sends an
OPTIONS
request prior to the request you specify. The server needs to be configured to allow the CORS for that method. -
keystrokker over 5 yearsMy Rest API is running on IBM WebSphere 8.0.4 Can you pls share the step to configure CORS on it?
-
danday74 over 5 yearsAdd these headers to all responses ... Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE, PUT - beware this allows any client to request from it - you may want to restrict it some more but this should get you started - I've never used IBM before so can't help with the gritty details on how to configure it
-
keystrokker over 5 yearsokay i have hundreds of the apis in the wrapper. Is there any convenient way of resolving this issue? Is there anyone who can tell me how to configure CORS on websphere server?
-
danday74 over 5 yearsask a new so question for that issue specifically
-
joedotnot over 4 years@danday74 RE your statement only browsers enforce CORS ... would seem to say that the server receives the request, and sends a response back; It is the browser that refuses to process the response further; am i correct in thinking like that?