CORS issue in nodemcu esp8266

Question

Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://192.168.100.2:8100' is therefore not allowed access. The response had HTTP status code 404.

Iam getting above error while trying to call put/post request in iot ESP8266 webserver.

Inorder to solve this , I tried adding below code. But nothing worked.

server.on("/", HTTP_OPTIONS, []() {
    server.sendHeader("Access-Control-Allow-Origin", "*");
    server.sendHeader("Allow", "HEAD,GET,PUT,POST,DELETE,OPTIONS");
    server.sendHeader("Access-Control-Allow-Methods", "GET, HEAD, POST, PUT");
    server.sendHeader("Access-Control-Allow-Headers", "X-Requested-With, X-HTTP-Method-Override, Content-Type, Cache-Control, Accept");
});

server.on("/testPost", HTTP_POST, testCors);
server.on("/testPut", HTTP_PUT, testCors);

And inside the function

void testCors()
{
    Serial.print("HTTP Method: ");
    Serial.println(server.method());

    server.sendHeader("Access-Control-Allow-Origin", "*");
    server.sendHeader("Allow", "HEAD,GET,PUT,POST,DELETE,OPTIONS");
    server.sendHeader("Access-Control-Allow-Methods", "GET, HEAD, POST, PUT");
    server.sendHeader("Access-Control-Allow-Headers", "X-Requested-With, X-HTTP-Method-Override, Content-Type, Cache-Control, Accept");
    server.send(200, "text/plain", "");
}

Thanks

Answer 1

This is the solution for the wildcard path that worked for me

void config_rest_server_routing()
{
    server.on("/", HTTP_GET, []() {
        server.send(200, "text/html",
                    "Welcome to the ESP8266 REST Web Server");
    });
    server.on("/leds", HTTP_GET, get_leds);
    server.on("/leds", HTTP_POST, testCors);
    server.on("/leds", HTTP_PUT, testCors);

    server.onNotFound(handleNotFound);
}
void handleNotFound()
{
    if (server.method() == HTTP_OPTIONS)
    {
        server.sendHeader("Access-Control-Allow-Origin", "*");
        server.sendHeader("Access-Control-Max-Age", "10000");
        server.sendHeader("Access-Control-Allow-Methods", "PUT,POST,GET,OPTIONS");
        server.sendHeader("Access-Control-Allow-Headers", "*");
        server.send(204);
    }
    else
    {
        server.send(404, "text/plain", "");
    }
}

Answer 2

The problem with adding the header to every request, as suggested by others, besides the annoying code duplication, is that you can't add it to serveStatic(). So I went into the source code and found void enableCORS(bool enable) Just add it before begin() and cors should now work for all routes.

server.enableCORS(true);
server.begin();

Answer 3

just add this line before every response:

server.sendHeader("Access-Control-Allow-Origin", "*");