-1

I get the following message: "Access to XMLHttpRequest at 'api-domain' from origin 'website-domain' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status"

This is how I handle the requests in my app.js file.

```javascript
app.use((req, res, next) => {
  res.setHeader('Access-Control-Allow-Origin', '*');
  res.setHeader(
    'Access-Control-Allow-Methods',
    'OPTIONS, GET, POST, PUT, PATCH, DELETE'
  );
  res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization');
  res.setHeader('Access-Control-Expose-Headers', 'Authorization');
  next();
});
```

I tried using my domain instead of the '*', but it doesn't work either.

Am I missing something here?

Edit: I also tried this solution to handle preflight requests, but it didn't work.

```javascript
module.exports = function (req, res, next) {
  // CORS headers
  res.header("Access-Control-Allow-Origin", "YOUR_URL"); // restrict it to the required domain
  res.header("Access-Control-Allow-Methods", "GET,PUT,POST,DELETE,OPTIONS");
  // Set custom headers for CORS
  res.header("Access-Control-Allow-Headers", "Content-type,Accept,X-Custom-Header");

  if (req.method === "OPTIONS") {
    return res.status(200).end();
  }

  return next();
};
```
Nicolas
  • 63
  • 6
  • Try `Access-Control-Allow-Origin: None`. – ControlAltDel Sep 09 '22 at 16:55
  • Preflight request uses the OPTIONS HTTP method. Make sure your server handles such requests, and it does it correctly. – Jakub Matczak Sep 09 '22 at 16:57
  • @JakubMatczak I clearly showed how I handle the requests, and it's not working. – Nicolas Sep 09 '22 at 17:12
  • You are handling regular requests with CORS headers, which is good. Additionally, you'll need to handle preflight requests. That is what is failing. – James Sep 09 '22 at 17:25
  • @Nicolas you actually clearly showed that the preflight request fails with non-200 response. Your code just shows what headers are being added, but that's not everything. – Jakub Matczak Sep 09 '22 at 17:30
  • @James should I handle that after the regular requests? – Nicolas Sep 09 '22 at 17:32
  • Check https://stackoverflow.com/questions/33483675/getting-express-server-to-accept-cors-request – James Sep 09 '22 at 17:36
  • Your current cors solution doesn't correctly end with an OK status code when the method is OPTIONS. Both the error, and your provided code, prove this. Using a standardized package, such as `cors` as suggested below, and configuring it properly to work with your environment and needs, is the better route. I assume your current setup ultimately results in the options request being responded to with a 404 because you have no routes matching OPTIONS method for your given route. The cors middleware, when configured properly, does this for you. – Kevin B Sep 09 '22 at 20:32

1 Answer

-2

First, remove all of your existing headers. Do it with the cors package.

Step 1: Install cors: `npm install cors`

Step 2: Import it: `var cors = require('cors')`

Step 3: Simply use it in the app: `app.use(cors())`

You can configure the cors package. See details from here

Asif Jalil
  • 622
  • 5
  • 15
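The failure mode discussed in the comments, next to a preflight-aware middleware with an origin allowlist, as an added example that is not part of the original question or answer. The names `ALLOWED_ORIGINS`, `corsAllowlist`, `headersOnly` and `simulate`, the origin value, and the 404 fall-through (a stand-in for a router with no OPTIONS route, which one comment assumes is what happens) are constructed for illustration.

```javascript
// Added example. All names and the origin value below are constructed.
const ALLOWED_ORIGINS = new Set(['https://website-domain.example']);

// Express-style middleware (req, res, next); uses only Node's res.setHeader/res.end.
function corsAllowlist(req, res, next) {
  const origin = req.headers.origin;
  res.setHeader('Vary', 'Origin'); // caches must not reuse a response across origins
  if (origin && ALLOWED_ORIGINS.has(origin)) {
    // Echo the specific origin instead of '*', and only for origins on the allowlist.
    res.setHeader('Access-Control-Allow-Origin', origin);
    res.setHeader('Access-Control-Allow-Methods', 'OPTIONS, GET, POST, PUT, PATCH, DELETE');
    res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization');
    res.setHeader('Access-Control-Expose-Headers', 'Authorization');
  }
  if (req.method === 'OPTIONS') {
    // Preflight: answer with a 2xx here and stop, so the request never reaches
    // auth middleware or a router that has no OPTIONS route.
    res.statusCode = 204;
    return res.end();
  }
  return next();
}

// The question's first middleware reduced to what matters: headers set, then always next().
function headersOnly(req, res, next) {
  res.setHeader('Access-Control-Allow-Origin', '*');
  next();
}

// Constructed stand-in for the rest of the app: OPTIONS matches no route, so it gets 404.
function simulate(middleware, method, origin) {
  const headers = {};
  const res = {
    statusCode: 200,
    setHeader(name, value) { headers[name.toLowerCase()] = value; },
    end() {},
  };
  const req = { method, headers: origin ? { origin } : {} };
  middleware(req, res, () => {
    res.statusCode = method === 'OPTIONS' ? 404 : 200;
    res.end();
  });
  return { status: res.statusCode, allowOrigin: headers['access-control-allow-origin'] };
}

console.log(simulate(headersOnly, 'OPTIONS', 'https://website-domain.example'));
console.log(simulate(corsAllowlist, 'OPTIONS', 'https://website-domain.example'));
console.log(simulate(corsAllowlist, 'OPTIONS', 'https://other.example'));
```

In a real app the middleware has to be registered before authentication and route handlers, because browsers send preflight requests without the `Authorization` header.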