I need the server to grant access by returning Access-Control-Allow-Origin: * in the response header. I keep receiving a CORS error for some endpoints: 'Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.'
The setup below works for some endpoints but not for all of them; here is one sample that isn't working.
I use OAuth 2.0 for authorization; the request returns a successful response in a Postman test with the access token.
I pass the access token (configured with the domain, client id, audience, redirectUri) in the header of the axios call in the front end.
// Obtain an access token from Auth0.
// NOTE(review): `https://<tenant domain>/api/v2/` is the identifier of the Auth0 Management API; confirm
// that the shipping API is really meant to accept tokens issued for that audience rather than its own.
const tokenAudience = `https://${process.env.REACT_APP_AUTH_DOMAIN}/api/v2/`;
auth0Client = new Auth0Client({
  redirectUri: window.location.origin,
  audience: tokenAudience,
  client_id: process.env.REACT_APP_AUTH_CLIENTID,
  domain: process.env.REACT_APP_AUTH_DOMAIN,
});
const token = await auth0Client.getTokenSilently({ audience: tokenAudience });

// Call the shipping-rates endpoint, presenting the token as a bearer credential.
// Because the request carries an Authorization header, the browser sends a CORS preflight first.
const requestOptions = { headers: { Authorization: `Bearer ${token}` } };
axios
  .get(shippingServicesApi.shippingRates, requestOptions)
  .then(({ data }) => {
    setShippingRates(data);
  })
  .catch((requestError) => console.log(requestError));
- At the Node.js endpoint, CORS is allowed through the function below (I also tried changing Access-Control-Allow-Methods from '*' to 'GET' and Access-Control-Allow-Headers from '*' to 'Origin, X-Requested-With, Content-Type, Accept, Authorization')
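// Retrieves one shipping rate based on a requested ID, or all rates without a passed ID
/**
 * HTTP handler for the shipping-rates endpoint.
 *
 * Answers CORS preflight (OPTIONS) requests with 204 and no database work. For any other
 * method it returns the row matching `req.query.shippingRateId`, or every row of
 * `ShippingRate` when no ID is supplied.
 *
 * @param {object} req - Incoming request; reads `req.method` and `req.query.shippingRateId`.
 * @param {object} res - Outgoing response; uses `set`, `status` and `send`.
 * @returns {Promise<void>} Resolves once the queries have been queued and the connection end requested.
 */
const exportFunction = async (req, res) => {
  // CORS headers are set once, before any branch, so every response path carries them.
  // A wildcard Access-Control-Allow-Headers does not cover Authorization, which the
  // front end sends, so the allowed request headers are listed explicitly.
  // NOTE(review): '*' lets any origin read these responses; consider restricting
  // Access-Control-Allow-Origin to the front end's origin.
  res.set('Access-Control-Allow-Origin', '*');
  res.set('Access-Control-Allow-Methods', '*');
  res.set('Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, Accept, Authorization');

  if (req.method === 'OPTIONS') {
    // Preflight: reply before opening a database connection.
    res.set('Access-Control-Max-Age', '3600');
    res.status(204).send('');
    return;
  }

  const shippingRateId = req.query.shippingRateId;
  // Accept only a plain decimal string. Query parsers can also produce arrays or objects,
  // and those must never reach the SQL layer.
  const hasId = shippingRateId !== undefined;
  if (hasId && !(typeof shippingRateId === 'string' && /^\d+$/.test(shippingRateId))) {
    res.status(400).send('Invalid shippingRateId');
    return;
  }

  const connection = await makeConnection();
  connection.connect();

  // Sends exactly one response per query: the original fell through from the error
  // branch into the success branch and tried to send twice.
  const sendResult = (error, rows) => {
    if (error) {
      // Driver errors can expose SQL text and schema details, so they are logged
      // server-side and the client gets a generic message.
      console.error(error);
      res.status(400).send('Unable to retrieve shipping rates');
      return;
    }
    res.status(200).send(rows);
  };

  if (hasId) {
    // The ID is bound as a parameter instead of being interpolated into the SQL text.
    // Assumes makeConnection() returns a connection whose query() accepts `?` placeholders
    // with a values array (as the mysql/mysql2 drivers do) — confirm.
    connection.query('SELECT * FROM ShippingRate WHERE ShippingRateId = ?', [shippingRateId], sendResult);
  } else {
    // If no ID is passed, return all shipping rates
    connection.query(`SELECT * FROM ShippingRate `, sendResult);
  }
  connection.end();
};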
Settings in the endpoint.yaml config for the GCP API Gateway:
# OpenAPI (Swagger 2.0) definition for the gateway; values in braces are placeholders.
swagger: '2.0'
host: {gateway url here}
x-google-endpoints:
- name: {gateway url here}
# NOTE(review): allowCors is meant to let CORS (OPTIONS) requests through to the backend;
# confirm that this extension is honoured by the gateway product in use.
allowCors: True
# JWT validation: tokens are checked against the issuer, JWKS endpoint and audience below.
securityDefinitions:
auth0_jwt:
authorizationUrl: {auth0 url}/authorize
flow: implicit
type: oauth2
x-google-issuer: {auth0 url}
x-google-jwks_uri: {auth0 url}/.well-known/jwks.json
# NOTE(review): this audience matches the one the front end requests; `<tenant>/api/v2/` is the
# Auth0 Management API identifier — confirm that accepting tokens for that audience is intended.
x-google-audiences: {auth0 url}/api/v2/
# Only HTTPS is offered.
schemes:
- https
produces:
- application/json
# NOTE(review): Swagger 2.0 names this section `paths`; confirm `path` is not a transcription slip.
path:
/shippingRates:
# Preflight handler for /shippingRates, routed to the Cloud Function.
options:
summary: handleoptions for shippingRates
operationId: handleoptionsshippingRates
x-google-backend:
address: {Cloud Function Trigger URL}
# NOTE(review): browsers send preflight OPTIONS requests without the Authorization header, so
# requiring auth0_jwt here likely makes the gateway reject the preflight before it reaches the
# function, and that rejection would carry no CORS headers — verify against the gateway logs.
security:
- auth0_jwt: []
responses:
'200':
description: A successful response
schema:
type: object
# Remaining /shippingRates operations. Each one requires a valid auth0_jwt token and is
# forwarded to the address given in its x-google-backend entry.
post:
summary: create a shipping rate
operationId: createShippingRate
x-google-backend:
address: {Cloud Function Trigger URL}
security:
- auth0_jwt: []
responses:
'200':
description: A successful response
schema:
type: string
delete:
summary: delete a shipping rate
operationId: deleteShippingRate
x-google-backend:
address: {Cloud Function Trigger URL}
security:
- auth0_jwt: []
responses:
'200':
description: A successful response
schema:
type: string
get:
summary: Get shipping rates
operationId: getShippingRates
x-google-backend:
address: {Cloud Function Trigger URL}
security:
- auth0_jwt: []
responses:
'200':
description: A successful response
schema:
type: string
# Optional query parameter, declared as a 64-bit integer.
# NOTE(review): whether the gateway enforces this type is not shown here; the backend should
# still validate the value itself before using it in a query.
parameters:
- name: shippingRateId
in: query
description: shippingRate Id
type: integer
format: int64
patch:
summary: update shipping rates
operationId: updateShippingRate
x-google-backend:
address: {Cloud Function Trigger URL}
security:
- auth0_jwt: []
responses:
'200':
description: A successful response
schema:
type: string