Questions tagged [cors]

1

votes
2

answer
2.2k

Views

CORS 'Allow-Credentials' Nodejs/Express

My project is running on Node with an Express backend. I'm trying to query my Arango database clientside with Arangojs. ArangoDB is running on Docker on Digital Ocean. I have no issues querying my database serverside, however I get the following error on page load: Failed to load http://0.0.0.0:8529...
jayf93
1

votes
2

answer
8.7k

Views

How to solve Cross-Origin-Request-Block issue while fetching data using angular2 and php?

Please read the question in detail since it is a long one with various edits and extended updates as per the request of other users. I am trying to send data to php file using angular2. I am doing the angular project in Unix and the var/www/html/ is the php Xampp folder locations for running the ph...
Saswat
1

votes
3

answer
4.1k

Views

Refused to display a frame because it set 'X-Frame-Options' to 'sameorigin'

I am trying to set a iframe in the ionic3 but I am facing with this problem Refused to display a frame of webpages. This is my code. onInput() { this.open = true; this.url = this.domSanitizer.bypassSecurityTrustResourceUrl('https://www.youtube.com/embed/results?search_query=' + this.myInput); }
1

votes
1

answer
607

Views

ASP.NET Core Disable CORS for specific controllers

I have different set of controllers in my application (let's say A and B). CORS for A controller needs to be enabled and disabled for B controllers. I have configured CORS via the policies in the following way: ConfigureServices method: services.AddCors( options => { options.AddPolicy( 'AllowCors',...
Pylyp Lebediev
1

votes
3

answer
76

Views

Laravel API cors - request header field authorization is not allowed by Access-Control-Allow-Headers in preflight response [duplicate]

This question already has an answer here: Error: Request header field Authorization is not allowed by Access-Control-Allow-Headers in preflight response 1 answer I'm having a CORS issue between my Laravel api and Angular client application. This is my cors middleware public function handle($request...
1

votes
3

answer
320

Views

Axios request receiving a CORS error only when inside a callback/async function

I'm using VueJS for an app I am building. The server I have is written in Golang and has been set to accept CORS. In the app, in one of my components, searchBar, I have set it to fetch some data before it is created. var searchBar = { prop: [...], data: function() { return { ... }; }, beforeCreate:...
0

votes
0

answer
5

Views

Imgur api axios request blocked by CORB

Everything in my project works as it should. I get the 'request' answer (200 OK) but I still get this warning; ('Cross-Origin Read Blocking (CORB) blocked cross-origin response https://api.imgur.com/3/upload with MIME type application / json. See https://www.chromestatus.com/feature/5629709824032768...
Ibrahim Yolbir
0

votes
1

answer
14

Views

How do you send a cross origin request from localhost?

I have my front end running on localhost:8080 and my server on localhost:3000. I'd like to send a request from my front end to the server. When I do, I get the following error: Access to XMLHttpRequest at 'localhost:3000/create-sharable-url' from origin 'http://localhost:8080' has been blocked by CO...
Adam Zerner
0

votes
0

answer
13

Views

Angular cors-anywhere not passing headers

I'm making an Angular 7 app that makes a bunch of request to Microsoft's Face API. Every request worked except one 'Train' returned a CORS error. I tried using Chrome's extension, disabling chrome's security, using a proxy server but none worked. However when I used cors-anywhere, I did not get a C...
houssam98
8

votes
1

answer
8.1k

Views

How to use CORS to implement JavaScript Google Places API request

I really do NOT understand how I'm supposed to make this work: var requestURL = 'https://maps.googleapis.com/maps/api/place/details/json?placeid=ChIJN1t_tDeuEmsRUsoyG83frY4&key=AIzaSyAW4CQp3KxwYkrHFZERfcGSl--rFce4tNw'; console.log(requestURL); $.getJSON( requestURL, function( data ) { // data consol...
Ryan Mc
1

votes
2

answer
48

Views

What is correct order to AddCors into .Net Core?

First MVC middleware or Cors Middleware. services.AddMvc() services.AddCors(); Sorry official doc mentions above however I have seen other examples with reverse order working fine as well. Could you share a glimple on internals on how it works?
Abhijeet
1

votes
0

answer
130

Views

ASP.NET Web API and IdentityServer issue with CORS

I had an MVC controller which was doing logout and it was working fine. We decided to migrate from MVC to Web API and translated all the code. Now, on logout action I'm getting response error like CORS request made for path: path-to-my-identity-server/login from origin: localhost:port but rejecte...
anatol
1

votes
0

answer
185

Views

CORS with SonarQube

I am trying to put an iframe tag inside my jenkins website from sonarqube (version 6.7) specific project. i get this error: 'refused to display 'https://...' in a frame beacuse it set X-Frame-Options to sameorigin' I added this code to the web.xml file - CorsFilter org.apache.catalina.filters.CorsF...
Noa Amir
1

votes
0

answer
175

Views

CORS issue with Okta - AngularJS controller call to .NET Core Controller

I currently have a .NET Core 2 web app which serves up data to the frontend via AngularJS 1.6.6 calls to the backend API. When users enter the first page of the site (index.html), an AngularJS controller does an HTTP Get to grab some data from the database to serve up in a table. I'm trying to inte...
thunder chunky
1

votes
1

answer
52

Views

How to configure Arango DB to use Cross-Origin Resource Sharing (CORS)

How to configure ArangoDB to use CORS in MacOS. The documentation is not clear for me. They told to use: arangod --http.trusted-origin 'http://localhost:8529' Ok. But how to run this if service is starting automatically.
MrDuDuDu
1

votes
0

answer
73

Views

github Oauth with Angular Error

getUserFromGithub() { const client_id = 'c****************c'; const redirect_url = 'http://localhost:4200/oauth2/github'; window.location.href = this.github_redirect_url + 'authorize?client_id='+ client_id+'&redirect_uri='+redirect_url+'&response_type=code&scope=*'; } Above angular method redirects...
Saurabh Verma
1

votes
1

answer
865

Views

Response for preflight has invalid http status code 401? [duplicate]

This question already has an answer here: Basic authentication with header - Javascript XMLHttpRequest 2 answers HTTP status code 401 even though I’m sending an Authorization request header 1 answer I am consuming a web service which is hosted in our on premise Development environment. I am able...
Abhi
1

votes
1

answer
233

Views

GAE(Spring Boot App) CORS check not returning Access-Control-Allow-Origin header

I have spent the whole day trying to deploy a Spring Boot Application (REST API) to Google App Engine, and I am stuck trying to get past the CORS configuration. The spring application works locally so I know that Spring CORS configuration is correct. However, I get the following error when I deploy...
Calvin Son
1

votes
0

answer
41

Views

What's most elegant/secure/recommended way to solve “Response to preflight request ” issue

I've done a research on SO on this, but to my surprise, lots of SO answers on this recommending a quick and dirty solution which is to turn off chrome's security! I cannot believe we've got this as recommend solution. There must be a better way. The error is this: Response to preflight request d...
Average Joe
1

votes
0

answer
72

Views

Preflight response won't accept my header params

I have written a REST API using CodeIgniter 3.0. I am trying to make calls to this API using Angular 2.0 Http module inside of a service. Anytime I include a header parameter in the request, this error is thrown. Request header field apikey is not allowed by Access-Control-Allow-Headers in prefligh...
Alim Charaniya
1

votes
0

answer
47

Views

JQuery GET request returns missing CORS origin

OK, I have 3 servers that need to communicate together for a GET request. But I keep getting the origin is missing error, I can see the information that I want to receive in postman (so I know that my url's and passing on information works). Server with a public website from which the request starts...
Johan
1

votes
1

answer
1.1k

Views

django-cors-headers not working at all

Well, initially I had forgotten the middleware class but after adding it just worked fine ( It was a week ago ). Now, I am back to my workstation and I find it again not working. The ACCESS_CONTROL_ALLOW_ORIGIN headers are not at all being set. I have tried all that is, placing the middleware at top...
jame
1

votes
1

answer
94

Views

Form POST from other domain is empty in PHP

When posting a form (using POST) from another domain, my POST collection is empty. And when I test with a simple HTML page on the same domain it works. This is my PHP code: Does anyone have an idea? Could it be a server setting/configuration? These are the headers I get back (when using Postman): Co...
Saku Pieper
1

votes
0

answer
89

Views

FabricJS ReactJS CORS Errors

I have an application built with ReactJS where I am using FabricJS extensively. For FabricJS I am using https://www.npmjs.com/package/fabric-webpack. The images are hosted on a S3 bucket. CORS configuration for the bucket: * PUT GET POST 3000 ETag * The problem is that the canvas gets tainted with s...
Aayush
1

votes
1

answer
411

Views

Best security practices for React + Django

I'm currently working on a project that uses Django API server and a NodeJS server running React. In development we're running Django on port 8000 and NodeJS on port 8080, and currently React is responsible for rendering the page and interacting with Django API, which provides data for React. In ord...
Fong Tinyik
1

votes
0

answer
179

Views

iframe screenshot on cross domain

I have an iframe loading a flash game embedded on domain1.com. The iframe is originating from domain3.com and domain3.com has the following CORS code in the htaccess file to allow access to domain1.com and additional domains. SetEnvIf Origin 'http(s)?://(www\.)? (domain1.com|domain2.com)$' AccessCon...
Alangoodie
1

votes
0

answer
35

Views

Is it common to have a “No 'Access-Control-Allow-Origin' header” error on a site you're developing, even though it wasn't there before?

I'm making a site with uses axios alongside react to grab data from this page: https://api.warframestat.us/pc From there, I was able to build some react components to grab the data. Suddenly, as of today, I had to install a chrome plugin to be able to view the backend data, even though I made no cha...
Matiny
1

votes
1

answer
577

Views

No access control allow origin in rails [duplicate]

This question already has an answer here: Allow anything through CORS Policy 7 answers I am getting this error while I am trying to hit on my api deployed on Heroku in rails application using Ruby on rails : Failed to load https://**: my API link deployed on Heroku No 'Access-Control-Allow-Origin...
Logan
1

votes
1

answer
34

Views

Accessing a custom header in the API

I am sending a custom header to an API that I control using an AJAX call made via AngularJS. Client (AngularJS) var authorization_token = 'qwerty'; var custom_token_value = 'abc123'; $http.get('http://api.mywebsite.com/endpoint',{ headers:{'Auth':authorization_token,'Custom_Header':custom_token_val...
yevg
10

votes
2

answer
9k

Views

Google's Places API and JQuery request - Origin http://localhost is not allowed by Access-Control-Allow-Origin

I doing some testing for a project I got in mind which involves using places nearby. So I went with the big guy and started messing around with Google's Places Api. I'm using leaflet with openstreet tiles for my map. Now everything is fine until I try to use the dang thing. var lat = coords.lat; v...
LouieV
1

votes
0

answer
34

Views

Configuring A Preflight Channel

I've run into an issue when POSTing to an external API. The error is always: Reason: missing token ‘content-type’ in CORS header ‘Access-Control-Allow-Headers’ from CORS preflight channel After some research I've come to understand that a preflight request originates from my server, and is e...
Robbie Milejczak
1

votes
1

answer
802

Views

Debugging Apache AllowMethods error

We are running an API for our mobile app, and with the right HTTP headers, have been able to enable developing it locally using the live API without the need of a 'CORS plugin'. Now, it does not work anymore, probably since moving the domain name from one user to another (using DirectAdmin), but I...
Sygmoral
1

votes
0

answer
66

Views

Axios + Node v9.5.0 Cors Issues

I upgraded my node version from v8.9.4 to 9.5.0 and instantly my Vuejs Application started throwing Cors Issues. I downgraded and everything worked fine again. Just to be sure it is not something I am missing on my side when I upgraded I figured I'd ask to see if anyone else has this problem or had...
Supa Rain Da Dev
1

votes
0

answer
496

Views

Cross-Origin Request Blocked in VueJS and Pusher

I am having trouble on sending data to pusher. It says that Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://api-ap1.pusher.com/apps/469389/events?auth_key=xxxxxxxxxxxxxxxxxxxxx&auth_timestamp=1517837082&auth_version=1.0&body_md5=xxxxxxxxxxxxxxxx...
Clyde Dexter Santiago
1

votes
0

answer
244

Views

How to add cors on AdonisJs?

I have a website uploaded on enter link description here created using AdonisJs . I want to create a file .well-known/stellar.toml . and i want to allow the access to this file from other websites . can you please direct me step by step? because am a little bit new in this .
Ys3
1

votes
1

answer
248

Views

Adding headers to iis static files not working in asp.net CORE

I want to add extra headers like Access-Control-Allow-Origin to my webAPI in order to consume this data in another project. At the moment I'm having this error: Failed to load http://localhost:49932/api/Restaurantes: No 'Access-Control-Allow-Origin' header is present on the requested resource. Orig...
Fábio Neves Rezende
1

votes
0

answer
125

Views

Firebase CORS issue in iframe

I have a software I have made which works fine on its own server but when in an iframe on another website all apple products (iPhone, iPad and safari) will give the following error and not allow any writes. However, they are able to read data. XMLHttpRequest cannot load https://firestore.googleapis....
Sean Cook
1

votes
0

answer
138

Views

IE - Access denied to angular.js file because of XMLHttpRequest

I have problem with Internet Explorer. I made a simple application in AngularJS, in Mozilla everything works file, but in IE I have problem like this: Error: Access is denied. at Anonymous function (file:[path]/angular%20app%20view%202/resources/angular.js:9766:7) at sendReq (file:[path]/angular%20a...
eveillaur
1

votes
1

answer
315

Views

CORS issue POST request (403 Forbidden) of App Android generated with Sencha CMD 6.5

I am desperate. I am trying to generated a app Android (Front-end) with Sencha CMD 6.5 that send requests to Tomcat Server (Back-end). The problem is the POST method , when App send the request in the header the 'Origin' parameter is set to 'file://' and the CORS of tomcat reject the request (Forbid...
daniel_aac
1

votes
1

answer
1.1k

Views

Running into cors issue trying to use Google API [duplicate]

This question already has an answer here: CORS and Angular $http GET to Google Places API 2 answers Google Maps API: No 'Access-Control-Allow-Origin' header is present on the requested resource 1 answer I'm building a React application right now and trying to use the Google Places API to populate...
user3750413

View additional questions