3

I'm making an api with Codeigniter 4 for a react application. Everything works fine in postman but when I make requests with axios (also tried fetch), it gets CORS error

Access to XMLHttpRequest at 'http://localhost:8080/testpost' from origin 'http://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

I tried adding headers to base controller:

header('Access-Control-Allow-Origin: *');
header("Access-Control-Allow-Methods: POST,GET, OPTIONS");
header("Access-Control-Allow-Headers: *");

Now it works fine with requests without JSON body, but when I send json body same error occurs.

axios.post("http://localhost:8080/testpost", { data: "test" })
    .then((response) => {
        console.log(response);
    })
    .catch((err) => {
        console.log("error!!!");
    });

// Routes.php
$routes->post('/testpost', 'Home::testPost');

// Home Controller
public function testPost()
{
    return $this->response->setJSON('test response');
}

Thanks for your help

eminsh
  • 233
  • 1
  • 2
  • 9

4 Answers4

10

Please try by setting Apache response headers and redirect method to .htaccess in root of www/public directory, like this:

#Redirect for CORS Preflight request
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [R=200,L]
#Set headers to access CORS Requests / allowing localhost only
Header always add Access-Control-Allow-Origin "*"
Header always add Access-Control-Allow-Headers "origin, x-requested-with, content-type"
Header always add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"

NOTE: Be careful by adding Header always add Access-Control-Allow-Origin "*" to your .htaccess, "*" open doors for attackers, replace * with your domain or subdumain!

Mamrezo
  • 1,309
  • 16
  • 20
Akash prajapati
  • 384
  • 3
  • 7
0

If the problem is because fonts are blocked due to www.yourdomain.com, then put these lines in your .htaccess file

# Rewrite "www.example.com -> example.com"
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ http://%1%{REQUEST_URI} [R=301,L]

Default folder of CodeIgniter already contain complete .htaccess file.

Muhammad Azeem Abbas
  • 21
  • 3
0

Add the given code to your construct method.

header('Access-Control-Allow-Origin: *');
header("Access-Control-Allow-Headers: X-API-KEY, Origin, X-Requested-With, Content-Type, Accept, Access-Control-Request-Method");
header("Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE");
$method = $_SERVER['REQUEST_METHOD'];
if($method == "OPTIONS") {
  die();
}
Udit
  • 129
  • 2
  • 6
0

On your index.php on public directory, just paste the following codes to set

headers for the response
header('Access-Control-Allow-Origin: *');
header("Access-Control-Allow-Headers: X-API-KEY, Origin, X-Requested-With, Content-Type, Accept, Access-Control-Request-Method");
header("Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE");
$method = $_SERVER['REQUEST_METHOD'];
if($method == "OPTIONS") {
die();
}

just before the response areaenter image description here

ndotie
  • 1,830
  • 17
  • 18