0

I've been having issues with this for too long and I am exhausted...

When my web app is calling my IAP-protected API endpoint, I receive the following error: No 'Access-Control-Allow-Origin' header is present on the requested resource.. What's interesting is that preflight requests and GET requests work.

The failing request is a POST with content-type: multipart/form-data (I am uploading a file). I've been thinking it's something wrong on my API, but I see this header in the response: x-goog-iap-generated-response: true, according to the documentation, this response is generated by IAP.

I couldn't find any solution to this problem, I've modified my IAP options:

accessSettings:
  corsSettings:
    allowHttpOptions: true

and it still doesn't work. What am I missing here?

Vaizgantas
  • 29
  • 1
  • 7
  • What’s the HTTP status code of the response? You can use the Network pane in browser devtools to check. If Chrome doesn’t show it, use the Network pane in Firefox devtools to check it. Is it a 4xx or 5xx error rather than a 200 OK success response? – sideshowbarker Aug 17 '21 at 12:03
  • @sideshowbarker Response code is 401, Chrome simply shows CORS Error in the status column. – Vaizgantas Aug 17 '21 at 12:10
  • Can you provide more details on what have you already tried to solve the issue ? – Wojtek_B Aug 18 '21 at 14:19

0 Answers0